SAML

SaleMove supports clients using Single Sign-On via Security Assertion Markup Language (SAML 2.0). SAML is an XML-based, open-standard data format that allows parties to securely exchange user authentication and authorization data. SAML-based Single Sign-On (SSO) gives clients full control over the authorization and authentication of the user accounts that can access the web-based Operator Application. In this model, SaleMove acts as the service provider, while SaleMove's clients act as identity providers that control the usernames, passwords and other information used when SaleMove web applications identify, authenticate and authorize users. In addition, all logs remain with the identity provider (SaleMove’s client) for audit purposes.

SaleMove supports two SAML SSO flows: Identity Provider (IdP) initiated SSO (Unsolicited Web SSO) and Service Provider (SP) initiated SSO. In IdP-initiated SSO, a user is logged on to the IdP and attempts to access a resource (SaleMove) on a remote SP server. The SAML assertion is transported to the Service Provider (SaleMove) via HTTP POST.

The SAML parameters can be configured programmatically or by requesting help from your Success Manager.

POST Create SAML

Action: POST /saml

This creates a SAML provider that can be associated with a Site.

| Parameters | Type | Required | Description |
|---|---|---|---|
| idp_metadata_url | String | Yes | A URL to the SAML Provider endpoint that returns the Provider's configuration data |
| site_id | String | Yes | The id of the Site that the SAML configuration will be associated with |
| name_identifier_format | String | Yes | The name of the attribute within a SAML response where the Operator's email is placed |
| subdomain | String | Yes | The subdomain that will be used by Operators to access the Operator console. E.g. if the subdomain is set to client_name then the Operators will access SaleMove via client_name.app.salemove.com |
| auth_context | String | No | The authentication context of the SAML |
| idp_name_attribute | String | No | The name of the attribute within a SAML response where the Operator's name is placed |
| idp_email_attribute | String | No | The name of the attribute within a SAML response where the Operator's email is placed |

The information of the new SAML provider can later be fetched at the URL subdomain.app.salemove.com/saml/metadata, where subdomain is the value of the subdomain parameter sent with the POST request.

PUT Update SAML

Action: PUT /saml/{saml_id}

This updates the configuration of a SAML provider.

| Parameters | Type | Required | Description |
|---|---|---|---|
| saml_id | String | Yes | The id of the SAML provider to be updated. |
| site_id | String | Yes | The id of the Site that the SAML will be assigned to. |
| idp_metadata_url | String | Yes | A URL to the SAML Provider endpoint that returns the Provider's configuration data. |
| site_id | String | Yes | The id of the Site that the SAML configuration will be associated with. |
| name_identifier_format | String | Yes | The name of the attribute within a SAML response where the Operator's email is placed. |
| subdomain | String | Yes | The subdomain that will be used by Operators to access the Operator console. E.g. if the subdomain is set to client_name then the operators will access SaleMove via client_name.app.salemove.com. |
| auth_context | String | No | The authentication context of the SAML |
| idp_name_attribute | String | No | The name of the attribute within a SAML response where the Operator's name is placed |
| idp_email_attribute | String | No | The name of the attribute within a SAML response where the Operator's email is placed |

Call Your Customer Success Manager

When configuring the SAML provider via the Customer Success Manager, the following parameters will be requested:

| Parameters | Type | Required | Description |
|---|---|---|---|
| certificate fingerprint | String | Yes | The certificate fingerprint used for authentication purposes between the IdP and the SP |
| name_identifier_format | String | Yes | The name of the attribute within a SAML response where the Operator's email is placed |