How to set up SAML 2.0 Single Sign-On via an Identity Provider
BoldChat provides Single Sign-On support based on the SAML 2.0 protocol. It accepts SAML Assertions using the SAMLResponse parameter, where the NameID of the authenticated user is a mandatory claim.
On the Identity Provider (IdP) side you must set up the connection with the following parameters:
- Protocol type: SAML 2.0
- Service type: AssertionConsumerService
- Binding type: HTTP-POST
- WantAssertionsSigned: True
Alternatively, you can set up the connection using the BoldChat metadata XML below that contains the required parameters.
Important: Change both instances of xxxxxxxxxx to your account ID. You can find your BoldChat SSO URL on the settings form. Change both instances of yyyyyyyyyy to the web client URL extended with the server set for your data residency region.
Data Center | URL |
---|---|
USA | web.boldchat.com |
EU | web-eu.boldchat.com |
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<EntityDescriptor entityID="https://yyyyyyyyyy/aid/xxxxxxxxxx/" xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
  <SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
    <AssertionConsumerService index="1" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://yyyyyyyyyy/aid/xxxxxxxxxx/"/>
  </SPSSODescriptor>
</EntityDescriptor>
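One way to fill in the template and confirm it still carries the parameters listed above before uploading it to the IdP; this is an added example, not BoldChat tooling. The function names, the account ID `1234567890`, and the character check on the account ID are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
POST_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
# Web client hosts per data residency region, from the table on this page.
HOSTS = {"USA": "web.boldchat.com", "EU": "web-eu.boldchat.com"}

# The metadata template from this page, placeholders unchanged.
TEMPLATE = """<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<EntityDescriptor entityID="https://yyyyyyyyyy/aid/xxxxxxxxxx/" xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
<SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
<AssertionConsumerService index="1" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://yyyyyyyyyy/aid/xxxxxxxxxx/"/>
</SPSSODescriptor>
</EntityDescriptor>
"""

def render_metadata(account_id, region):
    """Replace both placeholder pairs with the account ID and regional host."""
    # Assumption: reject characters that would break the URL or XML attribute.
    if not re.fullmatch(r'[^\s"<>&/]+', account_id):
        raise ValueError("unusable account ID")
    return (TEMPLATE.replace("xxxxxxxxxx", account_id)
            .replace("yyyyyyyyyy", HOSTS[region]))

def check_metadata(xml_text):
    """Return a list of problems; empty means the file matches this page."""
    problems = []
    if "xxxxxxxxxx" in xml_text or "yyyyyyyyyy" in xml_text:
        problems.append("placeholder left unreplaced")
    root = ET.fromstring(xml_text.encode("utf-8"))
    sp = root.find(MD + "SPSSODescriptor")
    acs = None if sp is None else sp.find(MD + "AssertionConsumerService")
    if acs is None:
        return problems + ["no AssertionConsumerService element"]
    if sp.get("WantAssertionsSigned") != "true":
        problems.append("WantAssertionsSigned is not true")
    if acs.get("Binding") != POST_BINDING:
        problems.append("ACS binding is not HTTP-POST")
    if acs.get("Location") != root.get("entityID"):
        problems.append("entityID and ACS Location differ")
    url = urlsplit(acs.get("Location", ""))
    if url.scheme != "https" or url.hostname not in HOSTS.values():
        problems.append("ACS Location is not https on a listed host")
    return problems

if __name__ == "__main__":
    # Constructed sample account ID, not a real one.
    print(check_metadata(render_metadata("1234567890", "EU")) or "metadata OK")
```
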