Valimail for Twilio SendGrid supports Single Sign-On (SSO) integration with Identity Providers (IDPs) that support the XML-based Security Assertion Markup Language (SAML) 2.0 protocol.
For IDPs that support SAML 2.0, but where the Valimail for Twilio SendGrid app does not appear in the app catalog or where there is no app catalog, SAML 2.0 SSO can be implemented using the following instructions.
Configuring Valimail for Twilio SendGrid with an IDP is a two-step process.
Step 1 involves working within the IDP interface to configure Valimail for Twilio SendGrid as an app.
Step 2 involves working within the Valimail for Twilio SendGrid interface.
Step 1: IDP Configuration
1. Go to your SAML 2.0 compliant SSO provider's login portal, login as an administrator, and create a generic SAML app.
2. Name the app Valimail for Twilio SendGrid and apply one or both of the logos below:
3. The configuration of a generic SAML app will typically require, at a minimum, the following data to be provided:
| Attribute Name | Value |
|---|---|
| SAML Assertion Consumer Service (ACS) URL | https://sendgrid.valimail.com/sso/consume |
| Recipient URL | https://sendgrid.valimail.com/sso/consume |
| Destination | https://sendgrid.valimail.com/sso/consume |
| Audience URI (SP Entity ID) | https://app.valimail.com |
| Default RelayState | leave blank |
| Name ID Format | This should be in the form of an email address. |
Name ID: Some IDPs may need to know the format in which to send the Name ID to Valimail. The IDP should send the Name ID in the format of an email address.
Additional Attributes: Valimail for Twilio SendGrid expects some additional user information to be passed by the IDP:
| Attribute Name | Name Format | Value |
|---|---|---|
| FirstName | Unspecified | The user's first name as it appears in the IDP. |
| LastName | Unspecified | The user's last name as it appears in the IDP. |
⚠️ Note: The attribute names above are case-sensitive and should appear in the IDP configuration exactly as they do here.
Step 2: Valimail for Twilio SendGrid Configuration
1. Obtain the IDP Metadata file from your SSO provider. Some providers make this available through their user interface or online help, while others may require you to contact their Support Team. You will need this before continuing with setup.
⚠️SSO testing will fail unless you have also added to your Valimail for Twilio SendGrid account any users who should have access. Ensure users have already been added in Valimail for Twilio SendGrid under Account Settings.
2. In a new browser tab/window, go to https://sendgrid.valimail.com and login to Valimail for Twilio SendGrid as an account Owner with your username and password.
3. In the left side menu click on Account Settings.
4. Click on the Single Sign-on Setup button:
5. Scroll down and enter the following information:
Identity Provider (IDP) Metadata File: Click Choose File and upload the IDP metadata file you downloaded to your computer in Step 2.1 above.
Enable JIT Provisioning (optional): Check this option to enable Just-In-Time (JIT) Provisioning.
Provisioning Domains (optional, but required for JIT): Add one or more JIT provisioning domains.
Click Enable Single Sign-On.
7. Go back to your SSO provider account and assign the Valimail for Twilio SendGrid app to the appropriate users.
Service Provider (SP) initiated Single Sign-On (SSO)
Enter your Email address.
Click Log In with SSO.
If you are already authenticated to your SSO provider and have been assigned the Valimail for Twilio SendGrid app, you will be automatically logged into your Valimail for Twilio SendGrid account - otherwise you will first be prompted to authenticate to your SSO provider.
Identity Provider (IDP) initiated Single Sign-On (SSO)
Login to your SSO provider account as a user that has been assigned the Valimail for Twilio SendGrid app.
Click on the Valimail for Twilio SendGrid app in the SSO provider portal and you will be automatically logged into your Valimail for Twilio SendGrid account.
⚠️Encountered a problem or need help? Just email support@valimail.com.