Security Assertion Markup Language (SAML) is an open standard for exchanging authentication and authorization data between identity and service providers. P2PE Manager supports Single Sign-On (SSO) in accordance with the SAML 2.0 specification. SSO can be configured for Partners, Sub-partners and Clients.
This feature is designed to support one Identity Provider and is implemented by System Users!
- Complete the Single Sign-On Request Form and the SAML User Agreement. Involve your Identity Provider to gather the requested information and to create a field in the SSO system to validate P2PE Manager usernames.
The Identity Provider will need to provide the entire X.509 certificate.
- Add users to P2PE Manager as usual.
- After Bluefin receives the requested information, our system administrators configure SAML in P2PE Manager. Then, the Single Sign-On Request form will be returned with the SAML Configuration Key.
The following information is required by Identity Providers to facilitate SAML configuration. This information should be shared with your Identity Provider's administrator so that your single sign-on system can be updated.
- Usernames. (List of active P2PE Manager users.)
- SAML Configuration Key: This key is generated during the setup process after receipt of the Single Sign-On Request Form.
- URLs (The names of the fields vary, such as ACS, Audience or Consumer.)
  - Consumer Validator: bluefin.p2pemanager.com/saml/callback/samlconfigkey
  - Consumer Connection URL: bluefin.p2pemanager.com/saml/callback/samlconfigkey
  - Logout URL: (Depending on the IDP, this might or might not be needed.)
The following illustrates an IDP Configuration screen that's used and controlled by the Merchant. In this example, we're using screenshots from OneLogin.
The value generated here must be communicated to Bluefin to set up the SSO connection.
In this example, the actual certificate generated is inside the “View Details” link.
SAML Signature Algorithm
This setting contains the hash algorithm specified by the Partner based on their security level needs.
The value here needs to be communicated to Bluefin to set up the SSO connection (SAML Issuer).
SAML Endpoint URL
The value here needs to be communicated to Bluefin to set up the SSO connection (SAML End Point).
The following illustrates configuring a User inside an IDP. In this example, we're again using screenshots from OneLogin.
Basic demographic information about each user needs to be completed by the merchant in their IDP.
The user login is the only field relevant to configuring SAML/SSO. In the example shown, the p2pe_username parameter was added specifically for the SAML/SSO configuration to P2PE Manager.
This field name (p2pe_username) needs to be communicated to Bluefin to set up the SSO connection (SAML Field Name). Bluefin does not need the value of this entry (“muser” in the example shown), but the value must match a user in P2PE Manager who has access to this specific Partner/Client.
For reference, the following image illustrates the various IDP user fields including a field specifically added for the P2PE Manager SAML/SSO configuration. The IDP administrator should be familiar with this type of screen.
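A pre-flight check an IDP administrator could run on a decoded test sign-on response, comparing it with the values exchanged on the request form (an added example, not Bluefin's code). The `https://` scheme on the callback URL, the issuer URL and the sample XML are constructed assumptions, and `samlconfigkey` stands in for the real key.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def preflight(response_xml, acs_url, issuer, field_name, active_users):
    """List mismatches between a decoded SAML response and the SSO request form.

    Configuration check only: it does not verify the XML signature.
    """
    root = ET.fromstring(response_xml)
    problems = []
    if root.get("Destination") != acs_url:
        problems.append("Destination is not the Consumer Connection URL")
    audience = root.findtext(".//saml:Audience", "", NS).strip()
    if audience != acs_url:
        problems.append("Audience is not the Consumer Validator URL")
    if root.findtext("saml:Assertion/saml:Issuer", "", NS).strip() != issuer:
        problems.append("Issuer differs from the SAML Issuer on the form")
    # Collect the values of the attribute named on the form (SAML Field Name).
    values = [v.text.strip() for a in root.iterfind(".//saml:Attribute", NS)
              if a.get("Name") == field_name
              for v in a.iterfind("saml:AttributeValue", NS) if v.text]
    if not values:
        problems.append(f"attribute {field_name!r} (SAML Field Name) is missing")
    elif values[0] not in active_users:
        problems.append(f"{values[0]!r} is not an active P2PE Manager user")
    return problems

# Constructed sample values; 'samlconfigkey' is the page's placeholder.
ACS = "https://bluefin.p2pemanager.com/saml/callback/samlconfigkey"
IDP_ISSUER = "https://idp.example.com/saml/metadata/0000"
SAMPLE = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
    Destination="{ACS}">
  <saml:Assertion>
    <saml:Issuer>{IDP_ISSUER}</saml:Issuer>
    <saml:Conditions><saml:AudienceRestriction>
      <saml:Audience>{ACS}</saml:Audience>
    </saml:AudienceRestriction></saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="p2pe_username">
        <saml:AttributeValue>muser</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""

if __name__ == "__main__":
    print(preflight(SAMPLE, ACS, IDP_ISSUER, "p2pe_username", {"muser"}) or "OK")
```

An empty result means the response lines up with the form; each returned string names the form field to recheck with the IDP administrator.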
The following information is an overview of how to prepare Azure. To set up Azure Active Directory portal access, do the following:
- Log in to your Azure portal as usual and navigate to the Azure Active Directory.
- In the left panel, select Enterprise Applications.
- Create a new application or use an existing one.
- Follow the instructions shown to assign users to the application and Set up Single Sign-On.
- From the SSO page, enter your information into the Set up SAML test sign on section to populate your information in P2PE Manager.
Single Sign-On is designed to support one Identity Provider per Partner.
- Collect the information in the tables below and submit to Bluefin. ([email protected])
- Users need to be added to P2PE Manager as usual and be marked as Active users.
- Your Identity Provider (IDP) administrator will need to create a field to validate the P2PE Manager username.
- You will need to provide us with the full Certificate from the IDP that signs the authentication request.
- Bluefin will return this SSO Request Form to the IDP Administrator along with the SAML configuration KEY.
- The IDP Administrator will need to update their single sign-on software with the SAML configuration key and the proper URLs.
Logging in to P2PE Manager for SAML Users
After SSO is fully implemented by Bluefin and your IDP, users will access the P2PE Manager from the following URL: https://bluefin.p2pemanager.com/saml/samlconfigkey
- SAML Configuration Information
Enter the partner / sub-partner name. This will enable SAML for partner users (Partner Supervisors, Partner Fulfillment and Partner User.)
SAML Config Name
Enter the name of this SAML configuration.
Enter the URL of the Identity Provider for the SAML authentication request. (This is the URL of the Partner's instance of their IDP.) Typically called SAML Endpoint, SSO Endpoint, or IDP Login URL.
SAML Field Name
The field/variable that contains the P2PE Manager Username. This could be a custom parameter from the Identity Provider or an existing one that contains the P2PE Manager Username.
Enter the Issuer URL of the Identity Provider. This is the URL of the Partner's IDP user connection to the P2PE Manager.
Certificate file included
Bluefin returned SAML Configuration KEY
Bluefin will return this form with this value when the setup has been completed.
- Submission Information
[Name of Person Submitting Change Request]
[Name of Submitter’s Company]
Requests are completed 2 business days from receipt of complete and accurate forms. Changes are completed during business hours, Monday through Friday, 8:30 a.m. to 5:30 p.m. CST. Some requests may require scheduling and may take longer than 48 hours to complete.
Partners and Resellers are responsible for Tier 1 application and IDP support.