SAML Integration Overview 

Security Assertion Markup Language (SAML) is a standard for exchanging authentication and authorization data between an identity provider and a service provider (seoClarity). Currently available identity providers include Google, Microsoft, and Okta. Password Reset must be done on admin side if SAML is setup. seoClarity is not currently part of the InCommon Federation for metadata exchange. Support of signed and encrypted SAML assertions is based on the provider. 

1. Note:  SSO validates against the user list managed within the organization but does not add users to the platform. Users would need to be added to the platform to allow access. SeoClarity users with admin rights have the ability to add users to the platform. 
   

Background & Requirements for SAML Integration

seoClarity supports SAML 2.0, as such please check that your IdP supports SAML 2.0. You need to create a SAML application with information we provide to you and provide your IdP configuration to us after you're setup. No additional attributes except for email address are needed. 

1. Entity ID for SSO setup: SeoclaritySAML
   
1. This is the same across all endpoints
   
2. Email Domain(s): The domain(s) of the email addresses to have SAML enabled for. 
   
3. ACS: (Assertion Consumer Service) URLs for SSO setup are:
1. Production: ACS (SSO) URL: https://app.seoclarity.net/saml/sso 
   
2. Development: ACS (SSO) URL: https://qa.seoclarity.net/saml/sso  
   

You can determine if you would like to enable access to other seoClarity environments by adding the below ACS URLs: 

• https://eu.seoclarity.net/saml/sso 
• https://asia.seoclarity.net/saml/sso 

SAML Application Setup 

1a) For most IdP configuration, you just need to setup an application with the above Entity ID and ACS URL (single sign on URL), and leave other fields as default.  After setup, you need to download the IdP metadata.xml and send it to our support team at support@seoclarity.net 

1b) If you don’t have IdP metadata.xml , please provide the following to support@seoclarity.net : 

1. SSO URL 
2. Entity ID 
3. Certificate of IdP server 

Google G-suite SAML

Using Google as an example, we need you to provide the SSO URL, Entity ID and Certificate or IdP metadata file. The IdP metadata file is simpler and highly recommended. More information on Google SAML can be found here.

1) Navigate to your Google G-suite admin page.  

2) Choose "SAML apps". Click on the "Plus" icon lower-right to add a new SAML app.

3) Choose "Setup my own custom app" at the bottom of the list. Choose "Option 2", download your IDP metadata. Send it to our DEV teams. 

4) Customize your application

5) Enter the ACS URL and Entity ID URLs that we provided into the form above.

5) Switch your new SAML App “ON for everyone”   

2. Click on Applications and then "Create App Integration":

3. A dialog box will appear, select SAML 2.0, and then click Next.

 

 

5. In the Configure SAML section, enter the Single sign on URL and Audience URI (SP Entity ID) that we provided into the form above.  Click on "Show advanced settings" to open more configuration fields.