Summary
Traditionally, Vartopia was configured using the "Vartopia" tab in the SSO settings. That tab was built on legacy technology and is no longer being implemented. The purpose of this article is to assist Allbound System Admins with implementing the modernized Vartopia SSO.
Configuring Allbound for Vartopia as SP
First, we need to add a new SP to our settings in Allbound. To do so we need to navigate to our SSO settings page by going to Allbound Settings -> SSO.
Once there, click on “Add New Connection.”
Then click “Create SP To Connect To” under “Allbound As Identity Provider (IDP).”
Once on the “IDP Edit” screen, give the IDP a Name and Description.
Login URL: This value is from Vartopia and is required. It combines two of the three values provided by Vartopia: the AssertionConsumerService (ACS) URL, with the RelayState URL appended as a query parameter. So, if the ACS URL is https://vartopia.okta.com/sso/saml2 and the RelayState URL is https://vartopia.okta.com/home/vartopiaproduction/hshjngp7/ae4e35dz2p7 then your Login URL would be https://vartopia.okta.com/sso/saml2?RelayState=https://vartopia.okta.com/home/vartopiaproduction/hshjngp7/ae4e35dz2p7
Assertion URL: This value is from Vartopia and is required.
Audience Restriction: This value is from Vartopia and is required.
Logout URL: This value is not required.
Issuer ID: This field is your Allbound portal URL and is filled in by default.
X509 Certificate: This value is generated by Allbound to be shared with Vartopia. When creating the connection, ensure that the “Generate a new certificate” check box is checked; the certificate will be generated upon saving.
Name ID Format: This value needs to be set to “Email.”
Configuring Attributes: Vartopia requires 5 attributes to be passed with specific keys that have dynamic values. Additionally, there needs to be a sixth static value. To accomplish this step, go to the “Configure Available Attributes” section and click the + until there are 3 attribute rows. Configure the rows with the following Attribute Value (dropdown) to the corresponding Attribute Key (text):
Email => email
First Name => firstName
Last Name => lastName
Mobile Phone => mobilePhone
CRM ID => partnerSFDCID
Note: There will be two versions of CRM ID in the dropdown list of attributes, representing the user's CRM ID and the partner company's CRM ID. Select the FIRST CRM ID in the list, which represents the partner company CRM ID. It will always appear before user-level fields.
Above the configured attributes, under the "Additional Payload Info" section, add a static value that will be sent with every SSO request. This will be your internal SFDC Org ID (15-digit or 18-digit). This information can be found in your company SFDC instance info, or you can request it from an SFDC admin. It will be sent with the key vendorSFDCSystemOrgID => value.
The result should look something like the following
Configuring Vartopia for a new IDP
Once you have completed the implementation for Vartopia on the Allbound side, you will now have access to download the metadata file for this configuration. Usually, if you provide Vartopia with this file, they will do the configuration work on their end. Once you have confirmation that they have set up the configuration, you may run a test via a Quick Link.
Setting Up Quick Link
This will be your Allbound instance URL with a query parameter whose key is "sso" and whose value is the configuration ID from the Allbound SSO edit screen. You can find this value by navigating to SSO configurations and clicking on the link for the Vartopia configuration. The config_id will be at the end of the URL, which will look something like https://yoursubdomain.allbound.com/allbound-settings/sso/#/SAML/25 with 25 being the config_id. Once you have the config_id, you can create a quick link, hero image, or dashboard button with the SAML SSO URL of https://yoursubdomain.allbound.com/?sso=[[config_id]]. If using a custom URL, simply add ?sso=[[config_id]] to the end of it.
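When you run the Quick Link test, you can capture the SAML assertion in your browser and check that it carries everything configured above. The following is an added example, not Allbound or Vartopia code: it assumes each Attribute Key appears as the Name of a SAML Attribute, that the “Email” Name ID Format corresponds to the standard emailAddress URN, and it uses a constructed sample assertion with placeholder values.

```python
import re
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Assumption: the "Email" Name ID Format is sent as the standard SAML URN.
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
# The five dynamic attribute keys plus the static payload key from this article.
REQUIRED_KEYS = ["email", "firstName", "lastName", "mobilePhone",
                 "partnerSFDCID", "vendorSFDCSystemOrgID"]

def check_assertion(xml_text, expected_audience):
    """Return a list of problems in a decoded assertion (content only, no signature check)."""
    root = ET.fromstring(xml_text)
    problems = []
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_FORMAT:
        problems.append("NameID format is not Email")
    audiences = [a.text for a in root.findall(".//saml:AudienceRestriction/saml:Audience", NS)]
    if expected_audience not in audiences:
        problems.append("Audience Restriction does not match")
    attrs = {}
    for a in root.findall(".//saml:AttributeStatement/saml:Attribute", NS):
        v = a.find("saml:AttributeValue", NS)
        attrs[a.get("Name")] = (v.text or "").strip() if v is not None else ""
    for key in REQUIRED_KEYS:
        if not attrs.get(key):
            problems.append(f"missing or empty attribute: {key}")
    org_id = attrs.get("vendorSFDCSystemOrgID", "")
    if org_id and not re.fullmatch(r"[A-Za-z0-9]{15}|[A-Za-z0-9]{18}", org_id):
        problems.append("vendorSFDCSystemOrgID is not 15 or 18 characters")
    return problems

def sample_assertion(attrs, audience):
    """Build a constructed, unsigned assertion for trying the checker offline."""
    rows = "".join(
        f'<saml:Attribute Name="{k}"><saml:AttributeValue>{v}</saml:AttributeValue></saml:Attribute>'
        for k, v in attrs.items())
    return (f'<saml:Assertion xmlns:saml="{NS["saml"]}"><saml:Subject>'
            f'<saml:NameID Format="{EMAIL_FORMAT}">pat@example.invalid</saml:NameID></saml:Subject>'
            f'<saml:Conditions><saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience>'
            f'</saml:AudienceRestriction></saml:Conditions>'
            f'<saml:AttributeStatement>{rows}</saml:AttributeStatement></saml:Assertion>')

AUD = "https://sp.example.invalid/audience"  # placeholder; use the value Vartopia gave you
GOOD = {"email": "pat@example.invalid", "firstName": "Pat", "lastName": "Lee",
        "mobilePhone": "555-0100", "partnerSFDCID": "001000000000001",
        "vendorSFDCSystemOrgID": "00D000000000001"}  # constructed values

if __name__ == "__main__":
    print(check_assertion(sample_assertion(GOOD, AUD), AUD) or "assertion looks complete")
```

An empty list means the Name ID format, Audience Restriction, and all six keys are present; the check does not validate the assertion's signature.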