Valigov Enforce supports integration with Identity Providers (IdP) that support the XML-based Security Assertion Markup Language (SAML) 2.0 protocol.
For IdPs where Valigov Enforce doesn't appear in the app catalog or those without app catalogs, but support SAML 2.0, Valigov can be implemented using the following instructions.
Configuring Valigov Enforce with an IdP is a two-step process. Step 1 involves working within the IdP to configure Enforce as an app. Step 2 involves working within Enforce.
Step 1: IdP Configuration
A SAML 2.0 compliant IdP will typically require, at a minimum, the following data to configure an app:
| Attribute Name | Value |
|---|---|
| SAML Assertion Consumer Service (ACS) URL | https://app.valigov.com/sso/consume |
| Recipient URL | https://app.valigov.com/sso/consume |
| Destination | https://app.valigov.com/sso/consume |
| Audience URI (SP Entity ID) | https://app.valigov.com |
| Default RelayState | leave blank |
| Name ID Format | This should be in the form of an email address. |
Name ID: Some IdPs may need to know what format in which to send the Name ID to Valigov. The IdP should send in the format of an email address.
Additional Attributes: Enforce expects some additional user information to be passed by the IdP, these are:
| Attribute Name | Name Format | Value |
|---|---|---|
| FirstName | Unspecified | The user's first name as it appears in the IdP. |
| LastName | Unspecified | The user's last name as it appears in the IdP. |
⚠️ Note: the attribute names above are case-sensitive and should appear in the IdP configuration exactly as they do here.
Step 2: Valigov Enforce Configuration
1. Obtain the IdP Metadata file from your SSO provider. Some providers make this available through their user interface or online help, while others may require you to contact their Support Team. You will need this before continuing with setup.
⚠️SSO testing will fail unless you have also added to Valigov Enforce any users who should have access. Ensure users have already been added in Valigov Enforce under Account Settings.
2. In a new browser tab/window, go to https://app.valigov.com and login to Valigov with your username and password.
3. Click on your account name and click Account Settings.
4. In the Authentication section, click the Setup button.
5. In the Single Sign-on Configuration section, scroll down to the IDP Metadata File section and click the Choose File button. Locate the XML file you saved in Step 16 and upload it.
6. Then click
at the bottom of the page.
7. Testing IdP-initiated SSO: Open up a private/incognito window in your browser and go to your SSO provider's login portal, login with your SSO credentials, locate and then launch the Valigov Enforce app. If SSO was successful, you'll arrive at the Valigov Enforce home page for your account.
8. Testing SP-initiated SSO: Open up a private/incognito window in your browser and go to https://app.valigov.com and enter your SSO username (email address). You will see the following message -- click Sign in with SSO. You will then be taken to your SSO provider's login screen and the IdP-initiated login flow. If SSO was successful, you'll arrive at the Valigov Enforce home page for your account.
