Stress Stop SSO Documentation
StressStop SSO Platform
Version 1.0
Partner Production - Identity Provider
| Setting | Description | Value |
|---|---|---|
| Service Endpoint URL | This is the endpoint that the partner service will connect to. May not be needed for some configurations. | |
| Entity ID / Service URI | The Entity ID is used to name the configuration and is also used as an audience restriction. The value must match to satisfy the audience restriction constraint. | |
| Certificate | The contents of your decryption certificate. | |
Partner Staging - Identity Provider
| Setting | Description | Value |
|---|---|---|
| Service Endpoint URL | This is the endpoint that the partner service will connect to. May not be needed for some configurations. | |
| Entity ID / Service URI | The Entity ID is used to name the configuration and is also used as an audience restriction. The value must match to satisfy the audience restriction constraint. | |
| Certificate | | |
Partner Production – Service Provider
| Setting | Description | Value |
|---|---|---|
| Entity ID / Service URI | The Entity ID is used to name the configuration and is also used as an audience restriction. | |
| Service Endpoint URL | This is the service endpoint that our Identity Provider will connect to. | |
| Certificate | Used for encryption and signature validation. | |
| Name ID / Identifier | This value will be the unique identifier used between the two systems. An appropriate identifier will be determined during configuration. | UserId <Guid> |
| Additional required claims / attribute | Any required or optional attributes should be listed here. | |
Partner Staging – Service Provider
| Setting | Description | Value |
|---|---|---|
| Entity ID / Service URI | The Entity ID is used to name the configuration and is also used as an audience restriction. | |
| Service Endpoint URL | This is the service endpoint that our Identity Provider will connect to. | |
| Certificate | Used for encryption and signature validation. | |
| Name ID / Identifier | This value will be the unique identifier used between the two systems. An appropriate identifier will be determined during configuration. | UserId <Guid> |
| Additional required claims / attribute | Any required or optional attributes should be listed here. | |
Shared Configuration
This section describes the SAML2 configuration options that need to be configured on both sides of the SSO. These values can be mutually agreed upon.
| Setting | Value | Description |
|---|---|---|
| Sign AuthN Request | False | Determines whether the AuthN part of the SAML2 message must be signed. |
| Sign Response | True | Determines whether the response part of the SAML2 message must be signed. |
| Sign Assertion | False | Determines whether the Assertion part of the SAML2 message must be signed. |
| Encrypt Assertion | False | Determines whether the Assertion part of the SAML2 message must be encrypted. |
At least one of the Response or Assertion must be signed to establish a secure SAML2 SSO.
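
A structural pre-check a Service Provider could run against an incoming response under the settings above, shown as an added example that is not part of the StressStop documentation or platform code: it confirms that the Response carries a signature element as agreed and that the assertion's audience equals the configured Entity ID. The function names, the sample XML and the Entity ID `https://sp.example.test/saml` are assumptions made for illustration; cryptographic verification of the signature is left to the SAML library in use.

```python
import xml.etree.ElementTree as ET  # for untrusted input prefer a hardened XML parser

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
# Values from the Shared Configuration table.
SHARED = {"sign_response": True, "sign_assertion": False}
AUDIENCE_PATH = "saml:Conditions/saml:AudienceRestriction/saml:Audience"


def check_policy(xml_text, expected_entity_id, shared=SHARED):
    """Return policy violations (empty list = structure matches the agreement).

    Structural pre-check only; signatures are NOT verified cryptographically.
    """
    problems = []
    if not (shared["sign_response"] or shared["sign_assertion"]):
        problems.append("config: neither Response nor Assertion is signed")
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Response" % NS["samlp"]:
        return problems + ["root element is not samlp:Response"]
    assertions = root.findall("saml:Assertion", NS)
    if len(assertions) != 1:
        return problems + ["expected exactly one Assertion, got %d" % len(assertions)]
    # SAML places an element's enveloped ds:Signature as its direct child.
    if shared["sign_response"] and root.find("ds:Signature", NS) is None:
        problems.append("Response is not signed")
    if shared["sign_assertion"] and assertions[0].find("ds:Signature", NS) is None:
        problems.append("Assertion is not signed")
    audiences = [a.text.strip() for a in assertions[0].findall(AUDIENCE_PATH, NS) if a.text]
    if expected_entity_id not in audiences:
        problems.append("audience restriction does not match Entity ID")
    return problems


def sample_response(signed=True, audience="https://sp.example.test/saml"):
    """Constructed sample; the empty ds:Signature is a placeholder, not a real signature."""
    sig = '<ds:Signature xmlns:ds="%s"/>' % NS["ds"] if signed else ""
    return ('<samlp:Response xmlns:samlp="%s" xmlns:saml="%s">%s'
            '<saml:Assertion><saml:Conditions><saml:AudienceRestriction>'
            '<saml:Audience>%s</saml:Audience></saml:AudienceRestriction>'
            '</saml:Conditions></saml:Assertion></samlp:Response>'
            % (NS["samlp"], NS["saml"], sig, audience))
```

With Sign Response set to True and Sign Assertion set to False, the assertion is protected only as part of the signed Response, so the claims must be read from the assertion inside the Response whose signature was verified.
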
Accepted Claims
| Property | DataType | Description |
|---|---|---|
| FirstName | String | |
| LastName | String | |
| MiddleName | String | |
| DOB | Date | Format: yyyy-mmm-dd |
| NickName | String | |
| Ident | String | |
| Locale | String | |
| Gender | String | Male or Female |
| PreferredLanguage | String | ISO code. Example: en-US, fr-US, es-ES. Note: The site must be configured for the language for it to be used. |
| HomePhone | String | |
| WorkPhone | String | |
| EmailAddress | String | |
| EmailContact | Bool | Determines if the user has consented to receive system emails. Valid values: True, False. Default: False. |
| AvatarPath | String | A URL to the user’s avatar. This can be an external URL starting with http or https, or a relative URL to an image that exists within the StressStop Platform site structure. |
| TimeZoneId | String | A TimeZoneId in Windows Registry format, e.g. Mountain Standard Time, Pacific Standard Time, Central Standard Time, Eastern Standard Time, Newfoundland Standard Time, etc. |
| City | String | |
Note: these are typical fields other companies have sent us in the past. Please update the Accepted Claims Property / DataType to your specific naming schema.