Configuring Allbound as SP
First, we need to add a new SP to our settings in Allbound. To do so, navigate to the SSO settings page by going to Allbound Settings -> SSO.
Once there, click on “Add New Connection.”
Then click “Create IDP To Connect To” under “Allbound As Service Provider (SP).”
Once on the “IDP Edit” screen, give the IDP a Name and Description. The name will appear on the login button if activated at the bottom of the page.
The implementation will require 2 values to complete the configuration on the Allbound side, with an additional optional value.
Login/SingleSignOnService URL: This value is from Azure AD and is required. This value can be located in the Azure AD metadata XML file as the SingleSignOnService value.
Issuer ID: This value is from Azure AD and is required. This value can be located in the Azure AD metadata XML file as the entityId value, near the top of the file.
Entity ID: This value is from Allbound and is required. It is pre-populated with the instance URL which is the correct value.
Logout URL: This value is from Azure AD but is optional, and is the same as the Login URL.
X509 Certificate: This value is generated by Azure AD to be shared with Allbound. This value can be located in the Azure AD metadata XML file and should be in PEM format when added to the “Certificate” field. To achieve this format, simply paste the certificate between the following two lines:
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
The final result should appear similar to the following example:
-----BEGIN CERTIFICATE-----
(Base64-encoded certificate data from the Azure AD metadata XML file)
-----END CERTIFICATE-----
Configuring Attributes: Allbound requires 3 attributes to be configured so that they are received with specific keys.
Email => http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
First Name => http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname
Last Name => http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname
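The Issuer ID, Login URL and certificate described above can be pulled out of the metadata XML with a short script instead of by hand. This is an added example, not Allbound or Microsoft code; the sample metadata is constructed, with a placeholder tenant ID and dummy bytes in place of a real certificate, and the function names are hypothetical.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

# Constructed sample: placeholder tenant ID, dummy bytes instead of a real certificate.
FAKE_DER = bytes(range(256)) * 3
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sts.windows.net/00000000-0000-0000-0000-000000000000/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><X509Data>
        <X509Certificate>{base64.b64encode(FAKE_DER).decode()}</X509Certificate>
      </X509Data></KeyInfo>
    </KeyDescriptor>
    <SingleSignOnService Binding="{REDIRECT}"
        Location="https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""


def to_pem(b64_cert: str) -> str:
    """Wrap the metadata's base64 certificate in PEM armor, 64 characters per line."""
    compact = "".join(b64_cert.split())
    base64.b64decode(compact, validate=True)  # raises if the text is not valid base64
    body = "\n".join(compact[i:i + 64] for i in range(0, len(compact), 64))
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"


def allbound_values(metadata_xml: str) -> dict:
    """Return the Issuer ID, Login URL and PEM certificate found in IdP metadata."""
    root = ET.fromstring(metadata_xml)
    idp = root.find("md:IDPSSODescriptor", NS)
    sso = idp.find(f"md:SingleSignOnService[@Binding='{REDIRECT}']", NS)
    key = idp.find("md:KeyDescriptor[@use='signing']", NS)
    cert = key.find(".//ds:X509Certificate", NS)
    der = base64.b64decode("".join(cert.text.split()))
    return {
        "issuer_id": root.get("entityID"),         # "Issuer ID" field
        "login_url": sso.get("Location"),          # "Login/SingleSignOnService URL" field
        "certificate_pem": to_pem(cert.text),      # "Certificate" field
        "sha256_fingerprint": hashlib.sha256(der).hexdigest(),  # for comparing copies
    }
```

Comparing the fingerprint of the certificate you paste into Allbound with the one computed from a freshly downloaded metadata file confirms that nothing was truncated or altered during copy and paste.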
Configuring Azure AD for a new IDP
Azure AD requires 2 values from Allbound to configure in the Azure AD SSO settings.
Entity(Issuer) ID: This value is your Allbound portal URL.
Example: https://myportal.allbound.com/
**NOTES**
- Include the forward slash (“/”) at the end of the URL.
- If you have a custom domain implemented, you may use the custom domain as the Entity ID.
Assertion URL/ACS URL: This value is your Allbound portal URL followed by /acs.
Example: https://myportal.allbound.com/acs
**NOTES**
- If you have a custom domain implemented, you may use the custom domain as the Entity ID.