Security

Single sign-on

SAML for Single Sign-on now includes a relay state URL. RelayState is a parameter that defines where identity providers (idPs) send users after they authenticate. By default, a relay state URL is automatically generated for existing customers, but a custom URL can be defined. In some cases, there are idPs that use a different relay state parameter or URL. This setting gives administrators more flexibility to use different identity providers.

This enhancement will be enabled by default in all Network instances in the Production release, version 20R1.1.1. It supports the Network widgets and the SSO button on the Network login page.

Define a custom URL

Some identity providers do not use relayState as a parameter for capturing relay state and expect the returnURL parameter instead. To support these identity providers, you can define a custom URL. Custom relay state URLs must contain {NetworkToken}.

Example custom URL

https://verteo.myidp.com/app/veevanetwork832101_mynetwork_1/exkfi8zpxwlK9gIK70h7/sso/saml?returnurl={NetworkToken}

Network uses the custom URL during authentication and replaces {NetworkToken} with a specific URL or token to direct the user to the correct place.