SSO for Your Shipium Account
Set up single-sign-on (SSO) logins for your organization's account users.
About SSO and your Shipium account
Configuring single sign-on (SSO) for your organization enables your account users to sign in only one time to one application and then be granted access to multiple other applications automatically, regardless of platform or domain. For SSO, Shipium supports Security Assertion Markup Language (SAML) version 2.0, a standard security protocol that allows for the creation and authentication of user accounts via an identity provider.
Requirements for configuring SSO with Shipium
You'll need the following information to configure SSO for your organization's account users.
| What you need | Example(s) and definition |
|---|---|
| Sign-in uniform resource locator (URL) | The URL where SAML authentication requests are sent; also called the SSO endpoint |
| Sign-out URL | The URL where SAML logout requests are sent; also called the single logout (SLO) endpoint |
| X.509 signing certificate | The public-key certificate required by the service provider (Shipium) to validate the signature of the authentication assertions that have been digitally signed by your identity provider See the code block directly below this table for an example. |
| Email address attribute (Optional) | The attribute in the SAML payload that will be mapped to the email property in Shipium. Default: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier |
Sample X.509 signing certificate
-----BEGIN CERTIFICATE-----
MIICzDCCAbQCCQDH8GvxPIeH+DANBgkqhkiG9w0BAQsFADAoMQswCQYDVQQGEwJh
cjEZMBcGA1UEAwwQaHR0cHM6Ly9uaWNvLmNvbTAeFw0xOTA0MDgxODA3NTVaFw0y
//
// more lines of base64-encoded information
//
nSWyabd+LiBGtLTMB+ZLbOIi3EioWPGw/nHOI8jzPrqhiCLuZCSQmiqrLQYNsc1W
-----END CERTIFICATE-----
Shipium supports the following metadata file formats:
- CER
- PEM
- raw PEM
- PKCS#7
- Fingerprint
Set up and use SSO with your Shipium account
To configure SSO logins for your organization's Shipium account users, you'll first want to retrieve the SSO metadata (sign-in and sign-out URLs and x.509 certificate) from your SSO identity provider. You'll provide this information to your Shipium contact, and our IT team will complete the next part of the configuration process. Finally, you'll follow the steps for your specific identity provider to enable use of SSO from your environment. A Shipium team member will provide instructions and guide you through this process.
Shipium supports custom SSO configuration
Shipium supports SSO configuration with multiple identity providers. Just reach out to your Shipium team member to get started.
Identity providers
Shipium will work with your organization to customize SSO configuration with your preferred identity provider. We also provide documentation specific to configuring SSO with Okta as your identity provider.
User permissions
Thinking about your account users' permission levels before configuring SSO can save time during setup. Users in the Shipium Console can be administrators, editors, or viewers. Be sure to discuss your permission level needs for users with your Shipium team member prior to configuration, as most identity providers enable group provisioning, which eliminates the need for manual user configuration later.
Resources
Your Shipium team member is available to help along the way. However, you might find these resources helpful:
Updated 10 days ago