How to enable Single Sign On (SSO) on my Dryfta website?


Step 1: Configure your CRM as Identity Provider (IdP)

In your CRM, you will need to enter the following information to configure your IdP. (Replace 'yourevent' with your event domain eg. tedx2020)



SP-EntityID / Issuerhttps://yourevent.dryfta.com/plugins/authentication/miniorangesaml/
ACS (Assertion Consumer Service) URL / Single Sign-On URL (SSO)https://yourevent.dryfta.com/?morequest=acs
Single Logout URL (SLO)https://yourevent.dryfta.com/index.php?option=com_users&task=logout
Audience URIhttps://yourevent.dryfta.com/plugins/authentication/miniorangesaml/
NameID Formaturn:oasis:names:tc:SAML:1.1:   nameid-format:emailAddress
Default Relay State (Optional)https://yourevent.dryfta.com/

Alternatively, you can access these information from the Metadata URL: https://yourevent.dryfta.com/?morequest=metadata



Step 2: Configure Dryfta as Service Provider (SP) 

To setup Dryfta as the Service Provider, you need to email support desk (support@dryfta.com) with following information:



Single Sign-On Service URL  The SSO URL that you have noted from your CRM.        
IdP Entity ID or Issuer:  The Entity ID that you have noted from your CRM.
X.509 Certificate: Download this certificate from your CRM and send along with the email.




Step 3: Attribute Mapping (Optional) 

  • Attributes are user details that are stored in your Identity Provider.
  • Attribute Mapping helps you to get user attributes from your Identity Provider (IdP) and map them to Dryfta user attributes like firstname, lastname etc.
  • While auto-registering the users in your Dryfta site these attributes will automatically get mapped to your Dryfta user details.
AttributeName Identifier
Email    Email
Fist Name    FName
Last Name    LName


Note: Email address is used as the unique identifier in Dryfta.



Step 4: Enable SSO from under Contact Settings 

  • Go to your event website's login page and click on 'Login with your IdP credentials' button.
  • If you have configured the settings correctly, you should be able to create a Dryfta account using your CRM's existing login credentials and get logged-in to your Dryfta dashboard.
  • If you're unable to log in using your IdP credentials, please email support desk with the error message that is returned and a screenshot of the SSO configuration from your Identity Provider's dashboard.



Troubleshooting 

The SAML Tracer is an add-on in the Chrome/Firefox browser. Install it and open it when you perform SSO for the user from your browser. It will trace all the logs. When you get the error, export the logs from the SAML Tracer. Choose 'none' as value while exporting the logs from SAML Tracer and send the files.

Attributes mapping incorrectly? Let us know and we will run an automated configuration test for your SSO integration and see if the attributes names need to be updated based on what is being sent from the Identity Provider (IdP).

Redirects to 500 Internal Server Error page after logging in with your IdP credentials? Please ensure Email Address is set as the NameID at the Identity Provider (IdP).

0 Replies 0 Loves
Nov 02, 2023 01:03 AM

Replies

No reply posted yet.