Skip to main content
All CollectionsValimail SuiteGeneral SettingsSSO for Enforce
Tutorial: Integrating Valimail with a SAML 2.0 SSO Provider
Tutorial: Integrating Valimail with a SAML 2.0 SSO Provider
Updated over 7 months ago

Valimail supports integration with Identity Providers (IdP) that support the XML-based Security Assertion Markup Language (SAML) 2.0 protocol.

For IdPs where Valimail doesn't appear in the app catalog or those without app catalogs, but support SAML 2.0, Valimail can be implemented using the following instructions.

Configuring a Valimail product with an IdP is a two-step process. Step 1 involves working within the IdP to configure Valimail as an app. Step 2 involves working within our app.

Step 1: IdP Configuration

A SAML 2.0 compliant IdP will typically require, at a minimum, the following data to configure an app:

Attribute Name

Value

SAML Assertion Consumer Service (ACS) URL

Recipient URL

Destination

Audience URI (SP Entity ID)

Default RelayState

leave blank

Name ID Format

This should be in the form of an email address.

Name ID: Some IdPs may need to know what format in which to send the Name ID to Valimail. The IdP should send in the format of an email address.

Additional Attributes: Enforce expects some additional user information to be passed by the IdP, these are:

Attribute Name

Name Format

Value

FirstName

Unspecified

The user's first name as it appears in the IdP.

LastName

Unspecified

The user's last name as it appears in the IdP.

⚠️ Note: the attribute names above are case-sensitive and should appear in the IdP configuration exactly as they do here.

Step 2: Configuration within the Valimail Product Suite

1. Obtain the IdP Metadata file from your SSO provider. Some providers make this available through their user interface or online help, while others may require you to contact their Support Team. You will need this before continuing with setup.

⚠️SSO testing will fail unless you have also added to the Valimail Product Suite any users who should have access. Ensure users have already been added under Account Settings.

2. In a new browser tab/window, go to https://app.valimail.com and login to Valimail with your username and password.

3. Click on the gear icon on the Product Switcher.

a screen shot of a phone

4. Under 'General' Settings, go to the 'Account Security' tile and click 'Setup' for SSO

a screen shot of a computer

5. In the 'Single Sign-on Configuration' window, click 'upload IDP metadata file'. Locate the XML file you saved from your IdP and upload it.

a screenshot of a computer

6. Then click 'Enable'

7. Testing IdP-initiated SSO: Open up a private/incognito window in your browser and go to your SSO provider's login portal, login with your SSO credentials, locate and then launch the Valimail app. If SSO was successful, you'll arrive at the Valimail Enforce home page for your account.

8. Testing SP-initiated SSO: Open up a private/incognito window in your browser and go to https://app.valimail.com and enter your SSO username (email address). You will see the following message -- click Sign in with SSO. You will then be taken to your SSO provider's login screen and the IdP-initiated login flow. If SSO was successful, you'll arrive at the Valimail Product home page for your account.

a screenshot of a sign in

⚠️Encountered a problem or need help? Just email [email protected].

Did this answer your question?