SSO for Your Shipium Account

Set up single-sign-on (SSO) log-ins for your organization's account users.

About SSO and your Shipium account

Configuring single sign-on (SSO) for your organization enables your account users to sign in only one time to one application and then be granted access to multiple other applications automatically, regardless of platform or domain. For SSO, Shipium supports Security Assertion Markup Language (SAML) version 2.0, a standard security protocol that allows for the creation and authentication of user accounts via an identity provider.

Requirements for configuring SSO with Shipium

You'll need the following information to configure SSO for your organization's account users.

What you needExample(s) and definition
Sign-in uniform resource locator (URL)The URL where SAML authentication requests are sent; also called the SSO endpoint
Sign-out URLThe URL where SAML logout requests are sent; also called the single logout (SLO) endpoint
X.509 signing certificateThe public-key certificate required by the service provider (Shipium) to validate the signature of the authentication assertions that have been digitally signed by your identity provider
See the code block directly below this table for an example.
Email address attribute (Optional)The attribute in the SAML payload that will be mapped to the email property in Shipium.
Default: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier

Sample X.509 signing certificate

-----BEGIN CERTIFICATE-----
MIICzDCCAbQCCQDH8GvxPIeH+DANBgkqhkiG9w0BAQsFADAoMQswCQYDVQQGEwJh
cjEZMBcGA1UEAwwQaHR0cHM6Ly9uaWNvLmNvbTAeFw0xOTA0MDgxODA3NTVaFw0y
//
// more lines of base64-encoded information
//
nSWyabd+LiBGtLTMB+ZLbOIi3EioWPGw/nHOI8jzPrqhiCLuZCSQmiqrLQYNsc1W
-----END CERTIFICATE-----

Shipium supports the following metadata file formats:

  • CER
  • PEM
  • raw PEM
  • PKCS#7
  • Fingerprint

Set up and use SSO with your Shipium account

To configure SSO logins for your organization's Shipium account users, you'll first want to retrieve the SSO metadata (sign-in and sign-out URLs and x.509 certificate) from your SSO identity provider. You'll provide this information to your Shipium contact, and our IT team will complete the next part of the configuration process. Finally, you'll follow the steps for your specific identity provider to enable use of SSO from your environment. A Shipium team member will provide instructions and guide you through this process.

👍

Shipium supports custom SSO configuration

Shipium supports SSO configuration with multiple identity providers. Just reach out to your Shipium team member to get started.

Identity providers

Shipium will work with your organization to customize SSO configuration with your preferred identity provider. We also provide documentation specific to configuring SSO with Okta as your identity provider.

User permissions

Thinking about your account users' permission levels before configuring SSO can save time during setup. Users in the Shipium Console can be administrators, editors, or viewers. Be sure to discuss your permission level needs for users with your Shipium team member prior to configuration, as most identity providers enable group provisioning, which eliminates the need for manual user configuration later.

Resources

Your Shipium team member is available to help along the way. However, you might find these resources helpful: