If single sign-on is configured, the Marketplacer login screen allows your sellers to log in using your identity provider.
Note: You must create one per environment—for example, test-support, staging, or production.
Configure identity provider
To add an identity provider in Marketplacer:
- Create a new SAML application in your identity provider. Here are some examples:
- Populate the required fields in your identity provider.
Field | Value or where to find it in Marketplacer |
Audience (EntityID) | Get the Audience (EntityID) value from the downloaded metadata found at https://whatever.your.site.is/client/session/saml/metadata |
Recipient, ACS (Consumer) URL Validator and ACS (Consumer) URL | Get the AssertionConsumerService URL value from the downloaded metadata found at https://whatever.your.site.is/client/session/saml/metadata |
SAML NameID Format | Ensure that the SAML NameID Format is set to Email. <company_employee_number>@company.com |
SAML Issue Type | The SAML Issue Type must be set to Specific if required by your identity provider. |
- Specify the attribute in the identity provider that defines the user’s “name”. This must be a unique email address.
- Specify the attribute in the identity provider that defines the user’s “first name”. This must be a string.
- Specify the attribute in the identity provider that defines the user’s “last name”. This must be a string.
- For seller user logins, specify the attribute in the identity provider that defines the user’s “SellerURLTitle”. This must be a string. Refer to the “Get the Seller url title” section of this article for instructions on getting the seller’s URL title.
SSO Authentication Settings
The administrator of the SAML Identity Provider may ask you for a service provider certificate.
To access or generate the certificate:
- Go to Configuration > SSO Configuration.
- Do one of the following:
- Download the service provider metadata.
- Copy the service provider certificate (PEM encoded).
- Generate a new certificate, and then download or copy the result.
- You can then make the certificate available to the Identity Provider.
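The Audience (EntityID), ACS URL, NameID format and service provider certificate described above can all be read from the downloaded metadata in one pass. The following is an added example, not Marketplacer's own code; the sample metadata, its entityID, ACS path and certificate bytes are constructed placeholders, and `summarize_sp_metadata` is a hypothetical helper name.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample: the entityID, ACS path and certificate bytes are
# placeholders, not values taken from a real Marketplacer site.
PLACEHOLDER_DER = b"constructed-placeholder-certificate"
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="https://whatever.your.site.is/example-entity-id">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{base64.b64encode(PLACEHOLDER_DER).decode()}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:AssertionConsumerService index="0" isDefault="true"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://whatever.your.site.is/example-acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def summarize_sp_metadata(xml_text):
    """Return the values an IdP administrator needs from SAML SP metadata."""
    root = ET.fromstring(xml_text)
    sp = root.find("md:SPSSODescriptor", NS)
    if root.tag != f"{{{NS['md']}}}EntityDescriptor" or sp is None:
        raise ValueError("not SAML service provider metadata")
    endpoints = sp.findall("md:AssertionConsumerService", NS)
    if not endpoints:
        raise ValueError("no AssertionConsumerService endpoint")
    # Prefer the endpoint flagged isDefault, otherwise the lowest index.
    endpoints.sort(key=lambda e: (e.get("isDefault") != "true", int(e.get("index", "0"))))
    acs_url = endpoints[0].get("Location", "")
    if not acs_url.startswith("https://"):
        raise ValueError(f"ACS URL is not HTTPS: {acs_url!r}")
    certs = []
    for kd in sp.findall("md:KeyDescriptor", NS):
        node = kd.find(".//ds:X509Certificate", NS)
        if node is not None and node.text:
            der = base64.b64decode("".join(node.text.split()))
            # SHA-256 of the DER bytes: compare with what the IdP shows after import.
            certs.append((kd.get("use", "any"), hashlib.sha256(der).hexdigest()))
    return {"audience": root.get("entityID"), "acs_url": acs_url,
            "nameid_formats": [(n.text or "").strip() for n in sp.findall("md:NameIDFormat", NS)],
            "certificates": certs}
```

Pass the XML saved from the metadata URL to `summarize_sp_metadata()` and compare the returned certificate fingerprint with the one your identity provider displays after you upload the certificate.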
Add an identity provider
- Go to the Marketplacer Operator portal and sign in.
- Select CONFIGURATION > SSO Identity provider.
- Click New Identity Provider.
- Complete the required fields and click Create. This table lists the fields on the SAML Identity Provider page.
Field or Checkbox Name | Type | Notes |
Name | Text Field | Name of the identity provider. This is used in the "Log in with ..." button on the login screen. |
Does their own multi-factor authentication | Checkbox | If the Identity Provider already does multi-factor authentication, we will not require our own. |
Hidden | Checkbox | If this identity provider is hidden, it will not be shown on the login screen. People can still log in using IdP-initiated flows (e.g. apps selector in Google). |
Metadata URL (optional) | Text Field | If the metadata URL is supplied, we will refresh the metadata from there periodically. |
Metadata XML (optional) | Text Area | If you do not supply a metadata URL, paste the metadata XML in this field. |
Use this IdP for admin users | Checkbox | Check this box if you are using this for operator team member login. |
Create missing admins | Checkbox | If an assertion is received for a person and we do not already have an admin account for them, create an admin account for them. |
Update existing admins | Checkbox | If an assertion is received for a person who already has an admin account, update our records with the name and role provided in the assertion. |
Name attribute in assertion | Text Field | Name of the field in the assertion that contains the person's name. |
Role attribute in assertion | Text Field | Name of the field in the assertion that contains the person's role. |
Use this IdP for seller users | Checkbox | Check this box if you are using this for seller login. |
Create missing seller users | Checkbox | If an assertion is received for a person and we do not already have an admin account for them, create an admin account for them. |
Update existing seller users | Checkbox | If an assertion is received for a person who already has an admin account, update our records with the name and role provided in the assertion. |
First name attribute in assertion | Text Field | Name of the field in the assertion that contains the person's first name. |
Surname attribute in assertion | Text Field | Name of the field in the assertion that contains the person's surname. |
Seller URL title attribute in assertion | Text Field | Name of the field in the assertion that contains the URL title of the person's seller. This is used to determine which seller the user is connected to. Refer to this article for detailed instructions on getting the Seller URL title for each seller. |
Get the Seller url title
Get the seller's “Seller URL title” from Marketplacer:
- Go to Manage sellers.
- Click the edit button for the seller you are looking for.
- Get the string in the URL before “/edit”.
In this example, the Seller URL title is “1-sample-business”.