Documentation

Use this guide to enable Single Sign-on (SSO) access via SAML to Vena. 



Prerequisites

  • Vena instance
  • Administrative access to Vena
  • SecureAuth IdP appliance with a realm ready for the Vena integration



SecureAuth IdP configuration

  1. Log in to your SecureAuth IdP Admin console.
  2. Go to the Post Authentication tab. 
  3. In the Post Authentication section, set the following:  

    Authentication User RedirectSet to SAML 2.0 (SP Initiated) Assertion.

  4. In the User ID Mapping section, set the following:

    User ID MappingSet to Email 1.
    Name ID FormatSet to urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress.
    Encode to Base64Set to False.

  5. In the SAML Assertion / WS Federation section, set the following:

    WSFed Reply To / SAML Target URLSet to the absolute URL of the application, to where end users are redirected upon successful authentication.
    For example, https://vena.io:443/auth/saml
    SAML Consumer URLSet the to the Vena URL used to accept a SAML assertion.
    For example, https://vena.io:443/auth/saml
    WSFed/SAML Issuer

    Set to a unique name that identifies the SecureAuth IdP to the application (as the SAML ID).
    For example, https://xxxxx.com/SecureAuth16

    This value is shared with the application and can be any word, phrase, or URL, but must match exactly in the SecureAuth IdP and Vena configurations.

    SAML AudienceSet to the base domain of the application.
    For example,  https://vena.io:443/auth/saml
    SP Start URL

    Set to the login URL for the application.
    For example, https://xxxx.vena.io

    This value enables appropriate redirection for normal login and SSO login experiences.

    Sign SAML AssertionSet to False.
    Sign SAML MessageSet to True.
    Signing Cert Serial NumberLeave the default value in Signing Cert Serial Number field. Otherwise, to use a third-party certificate for the SAML assertion, click the Select Certificate link and choose the appropriate certificate.

  6. Save your changes.  
  7. In the SAML Attributes / WS Federation section, set the following attributes: 

    Be sure that these attributes are also mapped on the Data tab. For more information about LDAP attributes, see LDAP Attributes / SecureAuth IdP Profile Properties Data Mapping

    Attribute 1 NameSet to GUID.

    FormatSet to Unspecified.

    Value

    Set to Aux ID 2

    Attribute 2 NameSet to Email.

    FormatSet to Unspecified

    Value

    Set to Email 1

    Attribute 3 NameSet to FirstName

    FormatSet to Unspecified

    Value

    Set to First Name

    Attribute 4 NameSet to LastName

    FormatSet to Unspecified

    ValueSet to Last Name

  8. Save your changes. 



Vena configuration

If you do not have administrator access to your Vena instance, reach out to the Vena team for configuration details.