Set things up in the IBM Cloud Identity platform
1. Login to your IBM Cloud Identity account with administrator credentials.
2. Click Add application.
3. Click Add application again.
4. Select Custom Application and click Add application.
5. On the Add Application > General tab, enter the following data:
Name: Valimail Enforce
Company Name: Valimail
6. Click the Sign-on tab and enter the following data:
Sign-on Method: SAML 2.0
Provider ID: https://app.valimail.com
Assertion Consumer Service URL: https://app.valimail.com/sso/consume
Check Use Identity provider initiated single sign-on
7. Scroll down to the Attribute Mappings section and enter values indicated in the below screenshot and click Save.
8. In the right-panel, locate section 4 and download the Identity Provider Federate Metadata file and save it to your local drive.
Set things up in the Valimail platform
1. Be sure to add any users who should have access SSO access to Valimail, including the administrator user with which you are currently logged into IBM.
⚠️SSO testing will fail unless you add your user during this step and also ensure the user has already been added as a user in the Valimail Product under Account Settings.
2. In a new browser tab/window, go to https://app.valimail.com and login to Valimail with your username and password.
3. Click on your account name and click Account Settings.
4. In the Account Security section, click Setup.
5. In the Single Sign-on Configuration section, click Upload IDP metadata file.
6. Locate the XML file you saved in a previous step and upload it. You can drag and drop it or click Add IDP metadata file to open a browser to find your file.
7. Click Enable.
Test it Out
1. Testing IdP-initiated SSO: Open up a private/incognito window in your browser and go to the IBM login portal, login with your IBM credentials. If SSO was successful, you'll arrive at the Valimail home page for your account.
2. Testing SP-initiated SSO: Open up a private/incognito window in your browser and go to https://app.valimail.com and enter your IBM username (which is usually an email address). The password field will become disabled and you can click Log In with SSO. You will then be taken to the IBM login screen and the IdP-initiated login flow. If SSO was successful, you'll arrive at the Valimail home page for your account.