Single Sign-On for Dot.vu Experiences

You can restrict your experiences to a subset of authenticated users by integrating with Single Sign-On. This is very useful for internal-facing experiences such as:

  • Internal assessments
  • Calculators, quoting and other sales tools
  • Employee education

Requirements

Before you can integrate with Single Sign-On, you’ll need:

  • A public-facing login page on Dot.vu (configured with a global Account Addon and Single Sign-On Addon)
  • One or more SSO-gated pages on Dot.vu (configured with a global Account Addon and Single Sign-On Addon)
  • A subdomain for the experience and respective TLS certificate
  • A SAML 2.0 WebSSO protocol compatible Identity Provider (IdP) – e.g. Microsoft’s ADFS

Configuration Example

When all the requirements above are met, all that is left to do is set up the configuration on the Identity Provider (IdP) side and then on the Service Provider side (in our case, your interactive experience on Dot.vu).

The following steps exemplify integration with Microsoft’s ADFS, but other similar services are also supported, provided they support SAML 2.0 WebSSO.

Add a Relying Party Trust

Add a relying party trust, with the following steps and properties:

  1. Data Source: manually
  2. Profile: AD FS profile
  3. Enable support for the SAML 2.0 WebSSO protocol
  4. Identifiers
    • Relying party identifier (FQDN): <experience-subdomain.yourdomain.com>
  5. SAML Assertion Consumer Endpoint
    • Binding: POST
    • Trusted URL: <experience-subdomain.yourdomain.com>
  6. SAML Logout Endpoint
    • Binding: Redirect
    • Trusted URL: <experience-subdomain.yourdomain.com>
    • Response URL: you will need to contact Dot.vu support to obtain this URL, as it will be specific to your interactive experience configuration.
  7. Advanced
    • Secure hash algorithm: SHA-256
  8. Signature
    • The TLS certificate for <experience-subdomain.yourdomain.com>

Add Claim Rules

Once the Relying Party Trust has been created, add the following Claim Rules under ‘Issuance Transform Rules’:

Order | Rule Name                         | Issued Claims
1     | Email LDAP Query                  | E-Mail Address
2     | Transform email address as NameID | Name ID
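
The relying party trust and the two claim rules above can also be created from the AD FS PowerShell module. The script below is an added example, not Dot.vu's or Microsoft's own code. The trust name, the https:// scheme, the certificate path, the use of the `mail` LDAP attribute and the logout Response URL are assumptions or placeholders.

```powershell
# Added example: scripted equivalent of the wizard steps and claim rules above.
# Assumptions (not from the page): trust name, https:// scheme, certificate path,
# and the logout Response URL, which must be obtained from Dot.vu support.
$spHost      = 'experience-subdomain.yourdomain.com'      # placeholder used on the page
$trustName   = 'Dot.vu Experience'                        # hypothetical display name
$responseUrl = 'https://RESPONSE-URL-FROM-DOTVU-SUPPORT'  # placeholder, not a real URL
$spCert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 `
    'C:\certs\experience-subdomain.cer'                   # hypothetical path, public cert only

# Step 5: SAML Assertion Consumer Endpoint, POST binding
$acs = New-AdfsSamlEndpoint -Protocol SAMLAssertionConsumer -Binding POST `
    -Uri "https://$spHost" -IsDefault $true -Index 0
# Step 6: SAML Logout Endpoint, Redirect binding, with the Response URL
$slo = New-AdfsSamlEndpoint -Protocol SAMLLogout -Binding Redirect `
    -Uri "https://$spHost" -ResponseUri $responseUrl

# Claim rules 1 and 2 in AD FS claim rule language. No NameID format
# property is set, because the page does not name one.
$rules = @'
@RuleTemplate = "LdapClaims"
@RuleName = "Email LDAP Query"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory",
          types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"),
          query = ";mail;{0}", param = c.Value);

@RuleTemplate = "MapClaims"
@RuleName = "Transform email address as NameID"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"]
 => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
          Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer,
          Value = c.Value, ValueType = c.ValueType);
'@

# Steps 4, 7 and 8: identifier, SHA-256 signatures, SP certificate for signature checks
Add-AdfsRelyingPartyTrust -Name $trustName `
    -Identifier $spHost `
    -SamlEndpoint $acs, $slo `
    -SignatureAlgorithm 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256' `
    -RequestSigningCertificate $spCert `
    -IssuanceTransformRules $rules

# Read the trust back to confirm what was stored
Get-AdfsRelyingPartyTrust -Name $trustName |
    Select-Object Name, Identifier, SignatureAlgorithm, IssuanceTransformRules
```

The script does not set who is permitted to sign in through the trust; access control is outside what this page describes and must be configured separately.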

Single Sign-On Addon Configuration

Finally, the Single Sign-On Addon must be configured with the following information:

  • IdP identifier (e.g. yourdomain.com/adfs/services/trust)
  • Login URL (e.g. yourdomain.com/adfs/ls/IdpInitiatedSignon.aspx)
  • Logout URL (e.g. yourdomain.com/adfs/ls/IdpInitiatedSignon.aspx)
  • IdP Certificate (the public certificate for your ADFS’ FQDN)
  • SP Certificate (the public certificate for <experience-subdomain.yourdomain.com>)
  • SP Private Key (the private key for <experience-subdomain.yourdomain.com>)
  • Login Page (usually <experience-subdomain.yourdomain.com> or <experience-subdomain.yourdomain.com/login>)
  • On login redirect to… (the page to land on after successful login)

Maintenance

Keep two things in mind when maintaining the integration:

  • Each time the SP or IdP TLS certificates are renewed, you must contact Dot.vu support well in advance (e.g. 1 month), so that we can coordinate the updates.
  • Inform Dot.vu whenever there is a change on the IdP side that may hinder the integration, to coordinate operations.

Updated on September 28, 2023
