SecureFlow
Prerequisites
Claromentis to Install the login handler module
Step 1
Once the Login Handler module has been installed - The following URL and Attribute configuration will need to be applied within your Claromentis SecureFlow application control panel:
Audience Restriction:
https://example.myintranet.com
Single Sign On URL:
https://example.myintranet.com/custom/loginhandler/simplesaml/public/module.php/saml/sp/saml2-acs.php/claromentis
Recipient URL:
https://example.myintranet.com/custom/loginhandler/simplesaml/public/module.php/saml/sp/saml2-acs.php/claromentis
Destination URL:
https://example.myintranet.com/custom/loginhandler/simplesaml/public/module.php/saml/sp/saml2-acs.php/claromentis
Note: Please ensure you update example.myintranet.com to match your intranet URL.
Attribute Statements:
Name Value username user.login firstname. user.firstName surname. user.lastName email user.email
Note: The Name values may be case sensitve so please ensure these are set correctly within your SecureFlow IDP.
Step 2
Once the attributes have been set within SecureFlow, you'll need to apply your IDP URL and Metadata.xml to the login handler module.
1. Within your claromentis intranet site, using the application menu navigate to:
Admin > Login Handler > SSO Configuration
2. Scroll down to the IDP Configuration section and set the IDP Identifier to your IDP URL
3. In the Federation Metadata XML section select "choose file" and upload your Metadata.xml
Important: Please be very careful when making changes within the Admin panel and only make changes to the values we have asked (IDP Identifier and metadata.xml)
NameID Policy - Please confirm if this has been changed from the default setting, otherwise this can be remain set to "Unspecified"
If you have any issues with appling the IDP URL or metadata please let us know in the project or change request ticket you have open and we can assist you with this.
Step 3
Optional: Test the configuration and SSO - joint work between Claromentis and client. For Claromentis to perform this your team will need to configure a test user, configured like the below:
SecureFlow test user - username and password need to be provided, along with the following 3 attributes populated for this user:
1 - Firstname 2 - Lastname 3 - Email
IMPORTANT - Please ensure provisioned test users don't have 2FA enabled as this may stop us from testing and completing the work
Step 4
Test SSO and confirm you can log in successfully - claromentis to troubleshoot with your team if needed.
