Configuring Allbound for WorkRamp as SP
First we need to add a new SP to our settings in Allbound. In order to do so we need to navigate to our SSO settings page by going to Allbound Settings -> SSO.
Once there, click on “Add New Connection.”
Then click “Create SP To Connect To” under “Allbound As Identity Provider (IDP).”
Once on the “IDP Edit” screen, give the IDP a Name and Description.
Login URL: This value is from WorkRamp and is required. This can be found in the WorkRamp metadata XML file as the AssertionConsumerService value. If there are multiple AssertionConsumerService attributes in the metadata file, use the one with the “HTTP-POST” binding. The value should be your WorkRamp URL with “/saml/consume” at the end.
Assertion URL: This value is from WorkRamp and is required. This can be found in the WorkRamp metadata XML file as the AssertionConsumerService value. If there are multiple AssertionConsumerService attributes in the metadata file, use the one with the “HTTP-POST” binding. The value should be your WorkRamp URL with “/saml/consume” at the end.
Audience Restriction: This value is from WorkRamp and is required. This will be referred to as the Entity ID in your metadata file. The value should be your WorkRamp URL with “/saml/metadata” at the end.
Logout URL: This value is from WorkRamp but is required. This is found in the metadata file as the SingleLogoutService. The value should be your WorkRamp URL with “/saml/consume” at the end.
Issuer ID: This field is your Allbound portal URL and filled in by default.
X509 Certificate: This value is generated by Allbound to be shared with WorkRamp. Upon creation of the connection, ensure that the check box to “Generate a new certificate” is checked and it will generate upon saving.
Name ID Format: This value needs to be set to “Email”
Configuring Attributes: WorkRamp requires 3 attributes to be passed with specific keys. To accomplish this step, go to the “Configure Available Attributes” section and click the + until there are 3 attribute rows. Configure the rows will with the following Attribute Value (drop down) to the corresponding Attribute Key (text):
Email => email
First Name => first_name
Last Name => last_name
Configuring WorkRamp for a new IDP
WorkRamp requires 3 values from Allbound to configure in the WorkRamp SSO settings.
X509 Certificate: This value is available in Allbound once you create the connection in SSO settings. The following is an example of what WorkRamp will need:
-----BEGIN CERTIFICATE-----
MIIDoDCCAoigAwIBAgIGAWonDGnhMA0GCSqGSIb3DQEBCwUAMIGQMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEUMBIGA1UECwwLU1NPUHJvdmlkZXIxETAPBgNVBAMMCGFsbGJvdW5kMRwwGgYJKoZIhvcNAQkBFg1pbmZvQG9rdGEuY29tMB4XDTE5MDQxNjE2NDcwNloXDTI5MDQxNjE2NDgwNlowgZAxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4gRnJhbmNpc2NvMQ0wCwYDVQQKDARPa3RhMRQwEgYDVQQLDAtTU09Qcm92aWRlcjERMA8GA1UEAwwIYWxsYm91bmQxHDAaBgkqhkiG9w0BCQEWDWluZm9Ab2t0YS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDUq5iMQ/CB3Mj6UjGJvACh72Mv//k4U+UeL/NA/knJJ0H60Ijdybu8X4gb1YyegJEhYG9R2Zfr+0wdvDuK+77Rur0/gehbvnId5d9BHBrdFYhhR5taGY6iGtHTGfgbWn6/bdQvUPSLJNPaJ4jfynp3skf/likUKYKuV9NzLp7NMl1C9pFJOKR7GvwNpD79dbn/0zNbQOzua2tr8HT+B6lb0ULLZACRdM38vFvN9SbQoR6+atz/ZT8Th82l6759JtCK77QXZv0BvKxDGLkw9Hhue31q12Yj7yNLDexkmy1iRYSNn+LhV7uemzCWCBvKqrw9Vnodlvh8IS53HZlmk47zLvoP4qrHmnR7sR9WhoDVdL5YDLl2hx60Je8=
-----END CERTIFICATE-----
Entity(Issuer) ID: This value is your Allbound portal URL.
Example: https://myportal.allbound.com/
**NOTES**
- Include the forward slash (“/”) at the end of the URL.
- If you have a custom domain implemented, you may use the custom domain as the Entity ID.
Single Sign On/Single Logout URL: This value is your Allbound portal URL.
Example: https://myportal.allbound.com/
**NOTES**
- Include the forward slash (“/”) at the end of the URL.
- If you have a custom domain implemented, you may use the custom domain as the Entity ID.
Setting Up Quick Link URL
This will be your Allbound instance URL with a query parameter with a key of "sso" and the value is the configuration ID on the Allbound SSO edit screen. You can find this value by navigating to SSO configurations and clicking on the link for the WorkRamp configuration. The config_id will be at the end of the URL and will look something like https://yoursubdomain.allbound.com/allbound-settings/sso/#/SAML/25 with 25 being the config_id. Once you have the config_id, you can create a quick link, hero image, or dashboard button with the SAML SSO URL of https://yoursubdomain.allbound.com/?sso=[[config_id]]. If using a custom URL, simply add the ?sso=[[config_id]] to the end of it.