Configuring Single Sign On

Setting up Single Sign On (SSO) for Mapiq’s Office Shifts is very easy. There are only a few steps that we take together to get things up and running. Let’s get started.


Because more than just the basic information must be exchanged with Mapiq during login, Mapiq recommends the SAML2.0 protocol, as additional claims can be easily configured with it.

Two applications: test and production

Mapiq offers multiple applications utilizing SSO. These applications are served via two authentication services: test and production. 

  • Test: https://ssovalidation.mapiq.com
    The test application is configured prior to the production application such that the configuration can be tested without affecting the production database. Additionally, the test application gives instant feedback via the user interface on the configuration.
  • Production: https://shifts.mapiq.com and https://admin.mapiq.com
    The production application consists of two portals: shifts for the regular employee, and admin for administrators. Although these have separate URLs they share the same SSO configuration.


Goals

Step 1-2: To configure Single Sign On within your Identity Provider using the values provided by Mapiq and return the completed onboarding form to your Mapiq contact.

Step 3-5: To test and validate the configuration prior to go-live.

Step 6: To enjoy Mapiq Office Shifts with Single Sign On.

Step 1: Register the test and production applications in your IdP


Please configure both applications with the following information

Metadata URL:

Signing

  • Signature: Signing required
  • Assertion: Signing required

Required feature: user profile

More information: Please see Mapiq's privacy policy

Requirements: all claims should be configured

| AD property | Description | Expected claim namespace | Expected claim name |
|---|---|---|---|
| Unique user id | A claim value unique to the user, e.g. email address, employee id, or the object id from the AD. Please ensure that this claim is part of the <AttributeStatement> of the SAML response as Mapiq will not extract this value from the subject. | http://schemas.xmlsoap.org/ws/2005/05/identity/claims | name |
| First name | The user's first name (e.g. 'Jane') | http://schemas.xmlsoap.org/ws/2005/05/identity/claims | givenname |
| Last name | The user's last name (e.g. 'Doe') | http://schemas.xmlsoap.org/ws/2005/05/identity/claims | surname |
| Display name | The user's full name (e.g. 'Jane Doe') | http://schemas.xmlsoap.org/ws/2005/05/identity/claims | displayname |
| Email address | The user's email address | http://schemas.xmlsoap.org/ws/2005/05/identity/claims | emailaddress |
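
The following is an added example, not Mapiq's own code: a structural pre-check you can run on a SAML response captured from your IdP to confirm that both the response and the assertion carry a signature and that all five required claims sit in the <AttributeStatement>. It assumes the IdP emits each Attribute Name as the namespace and claim name joined by "/", and it checks only that signatures are present, not that they are cryptographically valid; the sample response and its values are constructed.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
CLAIM_NS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims"
REQUIRED = ["name", "givenname", "surname", "displayname", "emailaddress"]

def check_response(xml_text):
    """Return a list of findings; empty means the structure matches the page."""
    root = ET.fromstring(xml_text)
    findings = []
    # Signing: both the Response and the Assertion must carry a signature.
    # Presence only; this does not verify the signature cryptographically.
    if root.find("ds:Signature", NS) is None:
        findings.append("Response is not signed")
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return findings + ["no plaintext Assertion element found"]
    if assertion.find("ds:Signature", NS) is None:
        findings.append("Assertion is not signed")
    # Claims are read from the AttributeStatement only; Subject/NameID is ignored.
    values = {}
    for attr in assertion.findall("saml:AttributeStatement/saml:Attribute", NS):
        val = attr.find("saml:AttributeValue", NS)
        values[attr.get("Name")] = (val.text or "").strip() if val is not None else ""
    for claim in REQUIRED:
        # Assumption: Attribute Name is "<namespace>/<claim name>".
        if not values.get(f"{CLAIM_NS}/{claim}"):
            findings.append(f"missing or empty claim: {claim}")
    return findings

def sample(claims, sign_assertion=True):
    """Constructed sample response; the Signature elements are empty stubs."""
    sig = '<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>'
    attrs = "".join(
        f'<saml:Attribute Name="{CLAIM_NS}/{n}"><saml:AttributeValue>{v}'
        "</saml:AttributeValue></saml:Attribute>" for n, v in claims.items())
    return ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
            'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">' + sig
            + "<saml:Assertion>" + (sig if sign_assertion else "")
            + "<saml:Subject><saml:NameID>jane@example.com</saml:NameID></saml:Subject>"
            + "<saml:AttributeStatement>" + attrs + "</saml:AttributeStatement>"
            + "</saml:Assertion></samlp:Response>")

FULL = {"name": "jane@example.com", "givenname": "Jane", "surname": "Doe",
        "displayname": "Jane Doe", "emailaddress": "jane@example.com"}

if __name__ == "__main__":
    print(check_response(sample(FULL)))
```

A response that carries the user id only in the Subject NameID is reported as missing the name claim, which is the case the table above calls out.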

Optional feature: automatic profile assignment

More information: Please see the support article on automatic profile assignment

Requirements: at least one claim should be configured

| AD property | Description | Expected claim namespace | Expected claim name |
|---|---|---|---|
| Business unit | The business unit the user is part of (e.g. 'company logistics') | http://schemas.xmlsoap.org/ws/2005/05/identity/claims | businessunit |
| Country | The country in which the user is based (e.g. 'NL', or 'The Netherlands') | http://schemas.xmlsoap.org/ws/2005/05/identity/claims | country |
| Department | The department the user is part of (e.g. 'finance', or 'IT support') | http://schemas.xmlsoap.org/ws/2005/05/identity/claims | department |
| Office | The office where the user works (e.g. 'Amsterdam', or 'London') | http://schemas.xmlsoap.org/ws/2005/05/identity/claims | office |
| Job title | The user's job title (e.g. 'senior manager', or 'trainee') | http://schemas.xmlsoap.org/ws/2005/05/identity/claims | jobtitle |

Optional feature: Mapiq API

More information: Please see the support article on Mapiq's API

Requirements: the configuration of this claim is optional

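| AD property | Description | Expected claim namespace | Expected claim name |
|---|---|---|---|
| External Id | For more information, please see the article on the Mapiq API | http://schemas.xmlsoap.org/ws/2005/05/identity/claims | externalid |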

Optional feature: multiple environments

More information: Please see the support article on multiple environments 

Requirements: at least one claim should be configured

| AD property | Description | Expected claim namespace | Expected claim name |
|---|---|---|---|
| Country | The country in which the user is based (e.g. 'NL', or 'The Netherlands') | http://schemas.xmlsoap.org/ws/2005/05/identity/claims | country |
| Office | The office where the user works (e.g. 'Amsterdam', or 'London') | http://schemas.xmlsoap.org/ws/2005/05/identity/claims | office |
| Subscription Key | For more information, please see the article on multiple environments | http://schemas.xmlsoap.org/ws/2005/05/identity/claims | mapiqsubscriptionkey |

Step 2: Complete and share the SSO onboarding form

Download the SSO Onboarding form at the bottom of this page and share it with your contact at Mapiq

Step 3: Test the configuration (wait for GO from Mapiq)

Please follow the instructions in the article on Testing your SSO integration

Step 4: Validate your production configuration

Please validate that the configuration of your production application matches that of your test application.

Step 5: Test the configuration on the production environment (wait for GO from Mapiq)

Once SSO for the production environment has been configured by Mapiq, you should be able to log in at https://shifts.mapiq.com

Step 6: Start using the application

Go to https://shifts.mapiq.com for the user application and https://admin.mapiq.com for the administrator portal

Daan is the author of this solution article.
