Custom SSO Setup for signing in to Jomablue

Overview

Jomablue supports user login via a SAML 2.0 based SSO identity provider.

Setting up your SSO identity provider (e.g. Okta, OneLogin, JumpCloud, Azure AD etc.) for use with Jomablue will involve the following steps:

1. Contact Jomablue to enable SSO login.
2. Jomablue will provide you with details to create an integration in your SSO identity provider.
3. Once you have entered those details into your SSO identity provider, it will provide you with details to give back to Jomablue.
4. Once we have received those details and completed setup, we will notify you that SSO login is ready to go.

Contact Jomablue to enable SSO login

Firstly, you will need to contact Jomablue to enable SSO login, and then we will provide you with a few URLs and a certificate to enter into your SSO identity provider. Additionally, you'll need to tell us which email domain(s) you would like to enforce SSO login for.

The URLs you will receive are:

Identifier (Entity ID)

This URL takes the following form: https://\<instance>.jomablue.com/saml2/\<tenant uuid>/metadata

In your identity provider, this may also be referred to as:

- Audience URI/URL
- SP Entity ID
- SP Issuer URL

Reply URL (ACS URL)

This URL takes the following form: https://\<instance>.jomablue.com/saml2/\<tenant uuid>/acs

In your identity provider, this may also be referred to by a number of different names, including (but not limited to):

- "Single Sign On URL"
- "ACS URL"
- "Assertion Consumer Service URL"
- "Recipient"
- "Reply URL"

Sign On URL

This URL takes the following form: https://\<instance>.jomablue.com/saml2/\<tenant uuid>/login

Logout URL

This is only used if your identity provider supports SLO (Single Log Out). This URL takes the following form: https://\<instance>.jomablue.com/saml2/\<tenant uuid>/sls

X509 Certificate

Your identity provider may ask you to provide an X509 certificate; this will be provided to you by Jomablue in the form of a .crt file.

Creating an application integration in your identity provider

In your identity provider's admin console, create a new custom SAML2 app integration, then populate the configuration fields for the SAML2 app integration using the matching fields provided by Jomablue.

Populate SAML2 configuration fields

The exact field names will vary from provider to provider, but they will all match with one of the fields described in the previous section. Note that depending on your identity provider, not all the URLs provided by Jomablue will be required.

Attribute mapping

In addition to entering the correct URLs into configuration fields when setting up your integration, you'll need to ensure the correct attributes are mapped. By default, your identity provider should select "email" as the application username, but you'll also need to set up name attribute mapping.

The attribute name can be mapped to the "Full Name" value in your identity provider, if one is available. Otherwise, first name and last name can be mapped to the "First Name" and "Last Name" attributes in your identity provider.

[Figure: example attribute mapping]

Provide Jomablue with the fields from your identity provider

Once you have created your SAML2 integration in your identity provider, the identity provider will provide you with a number of fields which it will instruct you to enter into your service provider (which is Jomablue). These fields will include a number of URLs and an X509 certificate. Some identity providers will alternatively offer an XML file to download, which will contain all the information.

Provide these fields to us (via the same channel we provided the setup information to you) and we will take it from there.

[Figure: an example of what these fields look like]

Final setup

Once you have provided the fields from your identity provider to us, we will proceed with the final setup steps, and once we have enabled SSO login for your instance, you will be able to use SSO to log in.

You'll also know that SSO has been enabled for your instance when the portal login page changes to only display an email address field.