Identity Provider & SSO

in the seller settings go to accounts these settings let you configure how ticket buyers can create and log into their accounts when the integrated accounts option is toggled to active, customers will be able to create an account directly via your ticket shop there are two ways for ticket buyers to create an account via the sign in button in the top right corner of the hero shop via the register/login tab during checkout other identity providers (sso) tixify allows you to set up external identity providers for your ticket buyers such that they can create and use an account on tixify using your existing sso definitions idp the identity provider is the system that holds the customer records and login credentials and handles the authentication sp the service provider is the system that is requesting the account authentication before proceeding, in this case vivenu claims data about a user and their account that is provided by the idp to the sp during a saml login scopes data about a user and their account that is requested by the sp from the idp during an openid login supported sso integrations tixify can integrate with any single sign on (sso) identity provider that supports one of the following protocols saml 2 0 openid json web tokens (jwt) the setup process for json web tokens sso is not covered in this document please reach out to us for more information in case you need a custom integration and can't use saml 2 0 or openid setting up a third party identity provider with tixify follow the steps outlined below to set up an external identity provider using saml 2 0 or openid 1\ configure your identity provider on tixify open the tixify dashboard and navigate to settings > accounts within the identity provider box, you have an option to select between openid and saml2 0 choose your desired protocol based on your third party provider's capabilities depending on the protocol, you can configure the following settings for your idp idp settings for openid openid provider url input the url provided by your identity provider that contains information about the provider's configuration client id & client secret enter the "client id" and "client secret" details provided by your identity provider these credentials authenticate tixify as a trusted application scope we automatically request "openid, profile, email, phone" if you wish to request additional scopes, list them as comma separated values in the given input field idp settings for saml2 0 saml provider endpoint enter the endpoint url provided by your third party identity provider, where tixify should direct the saml authentication request this could be labeled as "sso url" or "saml endpoint" saml certificate copy the x 509 certificate from your identity provider paste this certificate into the designated field this certificate ensures the verification of the saml response signature note that the certificate must be in pem format enclose by begin certificate and end certificate 2\ configure the identity provider set up a new sso application or connection on your external identity provider to match the idp configuration you configured on vivenu you should be able to find the relevant steps in your identity provider's documentation note when using saml 2 0, tixify expects the saml assertions to be signed ensure that you have set wantassertionssigned="true" in your provider metadata for tixify note when using sso, tixify defers to the identity provider to specify whether a new user's email address should be considered verified therefore, you should set up your idp such that a claim called email verified ("true" or "false") is passed to tixify when authenticating a user example azure (entra) implementation using saml 2 0 this process will require us to start in the tixify dashboard, setup a basic version of the saml integration, switch over to entra and configure the entra enterprise application and then switch back to tixify to finalize the integration open the tixify dashboard and navigate to settings > accounts in the identity provider section, click the add provider button enter your preferred sso button text as the name of the provider (i e student login or member login), select the saml option, and for the purposes of the initial configuration, enter https //tempurl in the saml protocol url box and tempcert in the saml cert box and click the save button this will create a saml sso integration in tixify and generate a callback url copy the callback url for use in the entra configuration and switch the sso integration to active (the switch in the upper right of the sso integration with the tixify configuration established, switch to the entra instance and create a new enterprise application when you select the option to create a new application, entra will present a list of integrations in their app store select the create your own application option just under the browse microsoft entra id gallery enter a name for the application (recommend using tixify and the type of integration as shown below) and select integrate any other application you don’t find in the gallery (non gallery) and click the create button this will create a new application and return to the configuration screen for the newly created application select the get started link under the set up single sign on box select the saml box this will load the saml configuration screen select the pencil icon next to edit in the basic saml configuration section this will load a configuration window on the right hand side of the screen click the add identifier link and enter login microsoftonline com as the unique identifier click the add reply url and paste the callback url created in tixify earlier click the save button at the top of the page to configure the saml application click the pencil icon next to edit on the attributes & claims box map the claims from the entra tenant to the vivenu datapoints saml will send these claims to tixify at the time of successful login here is a list of supported tixify datapoints user givenname user surname user mail user city user state user postalcode user streetaddress user country user email verified click the download box next to the certificate > base64 in the saml certificates box click the copy button next to the login url in the setup \<application name> saml box return back to tixify and click the three dots next to the sso integration and select the edit button paste the login url into the saml protocol url box and the certificate date into the saml certificate box (you may need to open the certificate with a text editor to copy and paste it) the cert should have begin certificate at the beginning and end certificate at the end click the save button on the sso integration box and the main save button in the tixify dashboard