XTRM Single Sign-On


Date: 01/01/2017

Version: 1.5


With our single sign-on integration, your users do not have to sign on multiple times to view reward transactions and payout information. Single sign-on can come from a variety of SAML products such as Salesforce, Oracle, or your own home-built system.


For more information, call 1.866.367.9289 (Option 2), email sales@xtrm.com, or fill out our contact form.


Content



  • XTRM Single Sign-On
  • Content
  • Introduction
  • Implementation
  • Single Sign-On
  • Identity Provider
  • Authentication Parameters
  • Auto-Create Optional Parameters


 

Introduction


XTRM now offers a new way to access the XTRM Portal through the implementation of a Single Sign-On (SSO) Service Provider (SP). 3rd party integrators can now connect their existing SSO Identity Provider (IdP) solutions with the XTRM SP and allow users to access the XTRM system seamlessly from the 3rd party system without requiring re-entry or duplication of credentials. Since 3rd party SSO IdP implementations tend to differ across the industry, this document describes at a high level how the XTRM SSO SP is implemented and discusses the initial parameters and configurations required to start using SSO between the XTRM system and the 3rd party integrator.


Implementation


Single Sign-On

SSO is a protocol that allows systems to exchange user authentication information in a secure way. The systems are usually independent of each other but share a common interest for the user, so they agree on the implementation of the SSO protocol to ease the login process for users who have to switch between the systems. In the case of XTRM, most 3rd party users already have a set of credentials to access the 3rd party system and would need an extra set of credentials to access XTRM. The SSO implementation permits users to switch from the 3rd party system and start creating and managing Registrations within XTRM without re-entering credentials.

The SSO protocol defines the interaction between an IdP and an SP using the Security Assertion Markup Language (SAML) standard to exchange the authentication information. The IdP provides the user credentials; the SP trusts the user information passed by the IdP and agrees to provide access to its services or resources. In this implementation of SSO, XTRM performs the role of the SP, accepting requests from configured and trusted IdPs.


Identity Provider

Integrators who plan on offering an SSO solution to their users to access XTRM need to implement an IdP server. As already specified, the IdP needs to exchange information with the XTRM SP server using the SAML standard. Among the attributes contained in the SAML assertion, the XTRM SP expects some specific parameters that define the authentication information used by XTRM to allow the sign-on process.


Authentication Parameters


Expected parameters when a new SSO request is received are:

User Name – Email Address

The user name attribute needs to be a valid XTRM user name, hence the IdP needs to do the mapping from their system’s username to the username used in XTRM (in the event it is not the same). XTRM user names are typically the user email address.


Partner SFDC ID

The Partner SFDC ID attribute needs to match with the Partner Id established in XTRM when the Partner was initially created in the XTRM system. As an example, previous integrations have used the Partner SFDC ID.

Vendor SFDC System Org ID

The Vendor SFDC System Org ID attribute needs to match with the Vendor Organization Id set up at configuration time in XTRM that uniquely identifies the calling integrator.

An example of these parameters in a Single Sign-On request would look like this:

UserName=johndoe@myvar.com

Partner SFDC ID=001i000000SBrRg

Vendor SFDC System Org ID=00Di0000000h0Q9


All three parameters are validated during the SSO request authentication process and must match the information stored in XTRM in order for access to be granted. That is why one of the key steps during setup is to exchange the list of User Names, Partner Ids and the Organization Id that will be used.


Auto-Create Optional Parameters


XTRM also supports the automatic creation of users, provided the SAML payload includes all 4 additional, optional parameters. This provides an easy way to create Partner Users without the Partner User Administrator having to create the users manually in the XTRM system to match what exists in the Partner Portal. Auto-creation is favored by larger Partners, whose Partner User communities tend to be large.

First Name

The first name of the Partner User

Last Name

The last name of the Partner User

Email – Used for Username

The email address of the Partner User

Phone

The phone number of the Partner User

An example of these optional parameters in a Single Sign-On request would look like this (in addition to the 3 required parameters listed above):

FirstName=John

LastName=Doe

Email=johndoe@myvar.com

Phone=(123) 456-7890
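The validation and auto-create rules described above can be sketched on the SP side as follows. This is an added Python example, not XTRM's code. It assumes the SAML attribute Name values equal the parameter names shown on this page, that the assertion's signature has already been verified against the installed IdP certificate, and that Email must equal UserName for auto-creation; the stored records are constructed.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
REQUIRED = ("UserName", "Partner SFDC ID", "Vendor SFDC System Org ID")
OPTIONAL = ("FirstName", "LastName", "Email", "Phone")
# Constructed stand-ins for the records exchanged during setup (hypothetical store).
VENDOR_ORG_ID = "00Di0000000h0Q9"
PARTNERS = {"001i000000SBrRg": {"johndoe@myvar.com"}}

def build_assertion(pairs):
    """Constructed sample input: an unsigned assertion carrying (name, value) pairs."""
    stmt = "".join(
        f'<saml:Attribute Name="{n}"><saml:AttributeValue>{v}</saml:AttributeValue></saml:Attribute>'
        for n, v in pairs)
    return (f'<saml:Assertion xmlns:saml="{NS["saml"]}">'
            f"<saml:AttributeStatement>{stmt}</saml:AttributeStatement></saml:Assertion>")

def attributes(assertion_xml):
    """Map attribute Name -> value; duplicate or multi-valued attributes are rejected."""
    out = {}
    for attr in ET.fromstring(assertion_xml).iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = attr.findall("saml:AttributeValue", NS)
        name = attr.get("Name")
        if name in out or len(values) != 1:
            raise ValueError(f"ambiguous attribute: {name}")
        out[name] = (values[0].text or "").strip()
    return out

def decide(assertion_xml):
    """Return 'login', 'create' or 'deny' for a signature-verified assertion."""
    try:
        a = attributes(assertion_xml)
    except (ET.ParseError, ValueError):
        return "deny"
    if any(not a.get(k) for k in REQUIRED):
        return "deny"
    if a["Vendor SFDC System Org ID"] != VENDOR_ORG_ID:
        return "deny"
    users = PARTNERS.get(a["Partner SFDC ID"])
    if users is None:
        return "deny"
    if a["UserName"] in users:
        return "login"
    # Unknown user: auto-create only when all 4 optional parameters are present.
    # Requiring Email == UserName is an assumption drawn from "Email, used for Username".
    if all(a.get(k) for k in OPTIONAL) and a["Email"] == a["UserName"]:
        return "create"
    return "deny"
```

Rejecting duplicate attributes keeps a second `UserName` value from overriding the one that was checked, and a partial set of optional parameters is denied rather than creating a half-populated user.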


Configuration

The final task in system-to-system integration involves configuring the SSO elements for communication. The following items need to be exchanged and set up for this to happen.

Third Party SAML SSO URL

This is the sign-in URL for the 3rd party IdP. XTRM needs this URL to add to its web configuration bindings. Example: https://vendor.com/idp/login

Third Party SAML SLO URL

This is the sign-out URL for the 3rd party IdP. XTRM needs this URL to add to its web configuration bindings. Example: https://vendor.com/idp/logout

Third Party SAML Certificate

This needs to be installed on the XTRM SSO server in order to exchange SAML information with the 3rd party IdP.

XTRM SAML Assertion URL

This is the sign-in / assertion URL for the XTRM SP. The 3rd party integrator will need this URL to add to their web configuration bindings. Example: https://dev.xtrm.com/web/common/sso/post.aspx

XTRM SAML SLO URL

This is the sign-out URL for the XTRM SP. The 3rd party integrator will need this URL to add to their web configuration bindings. Example: https://dev.xtrm.com/web/common/sso/redirect.aspx



XTRM Sandbox


XTRM SAML Assertion URL: https://dev.xtrm.com/web/common/sso/post.aspx

XTRM SAML SLO URL: https://dev.xtrm.com/web/common/sso/redirect.aspx



XTRM Production


XTRM SAML Assertion URL: https://www.xtrm.com/web/common/sso/post.aspx

XTRM SAML SLO URL: https://www.xtrm.com/web/common/sso/redirect.aspx