Valimail supports integration with Identity Providers (IdP) that support the XML-based Security Assertion Markup Language (SAML) 2.0 protocol.
For IdPs where Valimail doesn't appear in the app catalog or those without app catalogs, but support SAML 2.0, Valimail can be implemented using the following instructions.
Configuring a Valimail product with an IdP is a two-step process. Step 1 involves working within the IdP to configure Valimail as an app. Step 2 involves working within our app.
Step 1: IdP Configuration
A SAML 2.0 compliant IdP will typically require, at a minimum, the following data to configure an app:
|SAML Assertion Consumer Service (ACS) URL||https://app.valimail.com/sso/consume|
|Audience URI (SP Entity ID)||https://app.valimail.com|
|Default RelayState||leave blank|
|Name ID Format||This should be in the form of an email address.|
Name ID: Some IdPs may need to know what format in which to send the Name ID to Valimail. The IdP should send in the format of an email address.
Additional Attributes: Enforce expects some additional user information to be passed by the IdP, these are:
|Attribute Name||Name Format||Value|
|FirstName||Unspecified||The user's first name as it appears in the IdP.|
|LastName||Unspecified||The user's last name as it appears in the IdP.|
⚠️ Note: the attribute names above are case-sensitive and should appear in the IdP configuration exactly as they do here.
Step 2: Configuration within the Valimail Product Suite
1. Obtain the IdP Metadata file from your SSO provider. Some providers make this available through their user interface or online help, while others may require you to contact their Support Team. You will need this before continuing with setup.
⚠️SSO testing will fail unless you have also added to the Valimail Product Suite any users who should have access. Ensure users have already been added under Account Settings.
2. In a new browser tab/window, go to https://app.valimail.com and login to Valimail with your username and password.
3. Click on the gear icon on the Product Switcher.
4. Under 'General' Settings, go to the 'Account Security' tile and click 'Setup' for SSO
5. In the 'Single Sign-on Configuration' window, click 'upload IDP metadata file'. Locate the XML file you saved from your IdP and upload it.
6. Then click 'Enable'
7. Testing IdP-initiated SSO: Open up a private/incognito window in your browser and go to your SSO provider's login portal, login with your SSO credentials, locate and then launch the Valimail app. If SSO was successful, you'll arrive at the Valimail Enforce home page for your account.
8. Testing SP-initiated SSO: Open up a private/incognito window in your browser and go to https://app.valimail.com and enter your SSO username (email address). You will see the following message -- click Sign in with SSO. You will then be taken to your SSO provider's login screen and the IdP-initiated login flow. If SSO was successful, you'll arrive at the Valimail Product home page for your account.
⚠️Encountered a problem or need help? Just email firstname.lastname@example.org.