IDP configurations
The following are examples of configurations for specific IDPs for federated authentication.
Important:
- These are examples and are not to be taken as an authoritative guide as each IDP is different and individual clients may have their own customizations.
- Please let your Mediaocean Business Solutions Consultant know if you have problems with an IDP documentation link as that helps us to ensure that the links are kept up to date.
Mediaocean attribute values differ depending on the SP instance you are configured for and so examples used here may not apply to you. The correct values for your configuration are provided with your Mediaocean SP metadata.
Links to examples of IDP configurations are provided here for:
Microsoft ADFS/Azure
Assertion claim attributes to be mapped
- http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname
- http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname
- http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
Identifier (entity ID)
The identifier or audience must match the SP entity ID provided by Mediaocean. Azure documentation for identifier setup is available in Microsoft’s Azure application management documentation (see Configuring single sign-on to non-gallery applications).
(Azure) Application as part of the identifier setup
There are multiple Mediaocean applications that use federated authentication, for example, Buyer workflow (Prisma), Estimates and costs (Aura), and Trading desk workflow (Radia). This use of the term “application” differs significantly from its meaning in Azure’s documentation, so when you set up the identifier using Azure’s documentation, ensure that you understand what the term “application” refers to there.
All Mediaocean applications use the same SP entity ID.
Okta
Assertion claim attributes to be mapped
- user.firstName
- user.lastName
- user.email
Other attributes
- Single sign-on URL, Recipient URL and Destination URL all point to Mediaocean's SP. For example:
  - https://idp.mediaocean.com/sp/ACS.saml2
- Audience restriction (this is the entity ID of the service provider). For example:
  - idp.mediaocean-com
Application labels
- A bookmark application can be added and mapped to a custom application URL in Okta. See Okta’s Help documentation, How to Create a Bookmark App, or their API documentation, Apps API: Add Bookmark application for more information.
- You can’t create an application in Okta with an IDP-initiated flow because Mediaocean uses an SP-initiated flow. You can simulate an IDP-initiated flow with the Bookmark App if required (see Simulating an IDP-initiated Flow with the Bookmark App), but be aware that additional provisioning features on the IDP side aren’t supported by Bookmark apps.
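As an added example (not Mediaocean's or any IDP vendor's code), the following Python check compares a decoded SAML response from a test login against the SP values described above: the ACS URL as Destination and Recipient, the SP entity ID as Audience, and the three ADFS/Azure claim names. The ACS URL and entity ID are the sample values from this page (yours come with your Mediaocean SP metadata); the function name and the sample response are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"a": "urn:oasis:names:tc:SAML:2.0:assertion"}
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
REQUIRED = [CLAIMS + n for n in ("givenname", "surname", "emailaddress")]

def check_response(xml_text, acs_url, entity_id, required_attrs):
    """List mismatches between a decoded SAML response and the SP values.
    Configuration check only: it does not verify the XML signature."""
    root = ET.fromstring(xml_text)
    problems = []
    if root.get("Destination") != acs_url:
        problems.append("Destination")
    scd = root.find(".//a:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != acs_url:
        problems.append("Recipient")
    audiences = [e.text.strip() for e in root.findall(".//a:Audience", NS) if e.text]
    if entity_id not in audiences:
        problems.append("Audience")
    present = {}  # attribute Name -> non-empty values
    for attr in root.findall(".//a:Attribute", NS):
        values = [v.text for v in attr.findall("a:AttributeValue", NS)]
        present[attr.get("Name")] = [v.strip() for v in values if v and v.strip()]
    for name in required_attrs:
        if not present.get(name):
            problems.append("Attribute " + name)
    return problems

# Constructed sample response: wrong Audience value, no emailaddress claim.
SAMPLE = f"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    Destination="https://idp.mediaocean.com/sp/ACS.saml2">
 <saml:Assertion>
  <saml:Subject><saml:SubjectConfirmation><saml:SubjectConfirmationData
    Recipient="https://idp.mediaocean.com/sp/ACS.saml2"/></saml:SubjectConfirmation></saml:Subject>
  <saml:Conditions><saml:AudienceRestriction>
   <saml:Audience>https://idp.mediaocean.com</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions>
  <saml:AttributeStatement>
   <saml:Attribute Name="{CLAIMS}givenname"><saml:AttributeValue>Ada</saml:AttributeValue></saml:Attribute>
   <saml:Attribute Name="{CLAIMS}surname"><saml:AttributeValue>Lovelace</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
 </saml:Assertion>
</samlp:Response>"""

if __name__ == "__main__":
    acs, eid = "https://idp.mediaocean.com/sp/ACS.saml2", "idp.mediaocean-com"  # sample values from this page
    for p in check_response(SAMPLE, acs, eid, REQUIRED):
        print("MISMATCH:", p)
```

An empty result means the response carries the expected Destination, Recipient, Audience and claims; each listed item names the IDP setting to revisit.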
OnePass
Assertion claim attributes to be mapped
- user.firstName
- user.lastName
- user.email
Other attributes
- Single sign-on URL, Recipient URL, Destination URL, ACS (Consumer) URL
  - URL to Mediaocean's SP. For example:
    - https://idp.mediaocean.com/sp/ACS.saml2
- ACS (Consumer) URL validator also points to Mediaocean's SP:
  - Sample value could be "^https:\/\/idp\.mediaocean\.com\/sp\/ACS\.saml2.*$"
- SAML nameID format is "Email"
- Audience Restriction (this is the entity ID of the service provider). For example:
  - mediaocean-com
Duo
Assertion claim attributes to be mapped
- givenName
- sn
Assertion claim attributes to be mapped
- FirstName
- LastName
Salesforce
Assertion claim attributes to be mapped
- User.FirstName
- User.LastName
- User.Email