SAML
The SAML page in Veezoo Admin lets you configure Veezoo to use Security Assertion Markup Language (SAML) to authenticate users.
Single sign-on with SAML is only available for Enterprise subscription plans. Check our pricing and get in touch with us to enable it!
Configure your identity provider
As a first step, configure Veezoo as a service provider at your identity provider. Check our documentation on how to configure Microsoft Azure as an identity provider for Veezoo.
The information required and the terminology used by your identity provider may differ slightly depending on the specific implementation. You can view and extract Veezoo's service provider information from the Service Provider subsection:
Entity id
The entity id of the service provider, i.e. Veezoo.
This is a globally unique name identifying Veezoo as a service provider. Some identity providers might also call this the identifier, audience or similar.
Value: https://veezoo.com/saml
Assertion consumer service URL
The URL of the assertion consumer service (ACS) of the service provider, i.e. Veezoo.
This is the URL of the Veezoo endpoint to which the identity provider should send SAML assertions after an authentication. Some identity providers might also call this the callback URL, reply URL, destination or similar.
Value: https://<subdomain>.app.veezoo.com/saml/callback
Metadata
The metadata of the service provider, i.e. Veezoo.
This is an XML object containing all the necessary information to describe Veezoo as a service provider.
Enter your identity provider information
Veezoo needs to know about your identity provider, so it can send authentication requests to the right place. You can configure this information in the Identity provider subsection:
Metadata
The metadata of the identity provider.
This is an XML object containing all the necessary information to describe the identity provider. Identity providers typically let you download the metadata as a file.
Maximum authentication lifetime
The maximum lifetime of an authentication at the identity provider, specified in seconds.
SAML assertions returned by identity providers contain an AuthnStatement with an AuthnInstant attribute. The value of this attribute specifies the time at which the authentication took place at the identity provider. Veezoo rejects SAML assertions with an AuthnInstant value that is older than the configured maximum authentication lifetime.
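The following sketch shows the kind of check described above, so you can see how the setting interacts with long-lived sessions at the identity provider. It is an added example, not Veezoo's own code: the function names, the clock skew tolerance and the refusal of future timestamps are assumptions, and the assertion is a constructed sample whose signature is assumed to have been verified already.

```python
from datetime import datetime, timezone
import xml.etree.ElementTree as ET

AUTHN_STATEMENT = "{urn:oasis:names:tc:SAML:2.0:assertion}AuthnStatement"

# Constructed sample (not real IdP output). The user signed in at the IdP at
# 08:00 and the assertion was issued at 12:00 from that existing IdP session.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                ID="_constructed" Version="2.0" IssueInstant="2024-05-01T12:00:00Z">
  <saml:AuthnStatement AuthnInstant="2024-05-01T08:00:00Z"/>
</saml:Assertion>"""
SAMPLE_NOW = datetime(2024, 5, 1, 12, 0, 5, tzinfo=timezone.utc)  # constructed clock


def parse_instant(value):
    """Parse a SAML UTC timestamp, with or without fractional seconds."""
    for fmt in ("%Y-%m-%dT%H:%M:%S.%fZ", "%Y-%m-%dT%H:%M:%SZ"):
        try:
            return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    raise ValueError(f"unsupported AuthnInstant: {value!r}")


def check_authn_age(assertion_xml, max_lifetime_s, now=None, skew_s=60):
    """Return (accepted, reason). Assumes the signature was already verified."""
    now = now or datetime.now(timezone.utc)
    statements = list(ET.fromstring(assertion_xml).iter(AUTHN_STATEMENT))
    if not statements:
        return False, "no AuthnStatement"
    for statement in statements:
        raw = statement.get("AuthnInstant")
        if raw is None:
            return False, "AuthnStatement without AuthnInstant"
        age = (now - parse_instant(raw)).total_seconds()
        if age > max_lifetime_s:
            return False, f"authentication is {int(age)}s old, limit is {max_lifetime_s}s"
        if age < -skew_s:  # assumption: future timestamps are refused too
            return False, "AuthnInstant is in the future"
    return True, "ok"


if __name__ == "__main__":
    print(check_authn_age(SAMPLE_ASSERTION, 3600, now=SAMPLE_NOW))   # 1 hour limit
    print(check_authn_age(SAMPLE_ASSERTION, 28800, now=SAMPLE_NOW))  # 8 hour limit
```

The sample is refused under a one-hour limit even though the assertion itself was issued seconds earlier, because AuthnInstant records the original sign-in at the identity provider. Choose the maximum authentication lifetime with your identity provider's session length in mind.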
Configure user attributes
When a user authenticates via single sign-on with SAML, a corresponding user gets automatically created in Veezoo. The User attributes subsection lets you configure some of the user attributes by defining user attribute mappings:
Read the user attributes documentation for more information.
Test and save the SAML configuration
After having completed the above steps to configure SAML, you can test and save your configuration. Click on the Test & Save button to perform an authentication test with the SAML configuration.
The authentication test is performed in an authentication popup window. Please make sure to instruct your browser to allow popups.
After a successful authentication test, a dialog displays the user attributes that resulted from applying the configured user attribute mappings:
You can now go ahead and save the configuration.
If the authentication test failed, please make sure your configuration is correct or contact us for support.
If you save a configuration that you have just enabled or disabled, or that is already enabled, the page reloads once saving has completed. The reload is needed for the new authentication method to take effect (if you enabled or disabled the configuration) or to apply the user attribute mappings to your user (if the configuration is already enabled).
If you try to save an enabled configuration that doesn't assign your user the Creator user type, you won't be able to save it. This is because after saving, the page would reload and your user (not being a Creator) would no longer have access to Veezoo Admin.