PartnerPage

PartnerPage supports SAML 2.0 and OIDC SSO connections via our identity provider, Auth0. This functionality is included in our Enterprise plan, or can be purchased a-la-carte for our Growth plan customers. If you don't know what plan you are on, please reach out to <a href="mailto:support@partnerpage.io" rel="nofollow noopener noreferrer" target="_blank">support@partnerpage.io</a>, or visit your in-app billing view.

All SSO connections are set up with our engineering team at this time. There is no self-serve SSO configuration available in the application.

Please provide your customer support representative with all of the following information:

<code>Sign In URL</code>: The URL where SAML authentication requests are sent. This is also called the single sign-on (SSO) endpoint.

<code>Sign Out URL</code>: The URL where SAML logout requests are sent. This is also called the single logout (SLO) endpoint.

<code>X509 Signing Certificate</code>: The public-key certificate of the identity provider (IdP). This is required by Auth0 to validate the signature of the authentication assertions that have been digitally signed by the IdP. Auth0 accepts the <code>.pem</code> and <code>.cer</code> formats.

The list of email domains the Enterprise Client uses for user authentication. Typically, a single domain is used for authentication via SSO. If your company uses multiple domains, for example for different subsidiary brands or for contractor workers, then you need to provide a list of all domains that should be captured for SSO authentication.

Verification that your SAML IdP provides the user’s email in a SAML attribute of the SAML assertions. The email SAML attribute field name must be <code>"&lt;http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress&gt;"</code>

1. <code>Sign In URL</code>: The URL where SAML authentication requests are sent. This is also called the single sign-on (SSO) endpoint.
2. <code>Sign Out URL</code>: The URL where SAML logout requests are sent. This is also called the single logout (SLO) endpoint.
3. <code>X509 Signing Certificate</code>: The public-key certificate of the identity provider (IdP). This is required by Auth0 to validate the signature of the authentication assertions that have been digitally signed by the IdP. Auth0 accepts the <code>.pem</code> and <code>.cer</code> formats.
4. The list of email domains the Enterprise Client uses for user authentication. Typically, a single domain is used for authentication via SSO. If your company uses multiple domains, for example for different subsidiary brands or for contractor workers, then you need to provide a list of all domains that should be captured for SSO authentication.
5. Verification that your SAML IdP provides the user’s email in a SAML attribute of the SAML assertions. The email SAML attribute field name must be <code>"&lt;http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress&gt;"</code>

Once the PartnerPage engineering team has received the above information, we will provide you the following information for your IdP configuration, including the proper connection name in the place of <code>&lt;SAML_CONNECTION_NAME&gt;</code>:

Assertion Consumer Service URL (aka post-back URL):

- <code>https://login.partnerpage.io/login/callback?connection=&lt;SAML_CONNECTION_NAME&gt;</code>

- <code>urn:auth0:outwork:&lt;SAML_CONNECTION_NAME&gt;</code>

1. Assertion Consumer Service URL (aka post-back URL):
 - <code>https://login.partnerpage.io/login/callback?connection=&lt;SAML_CONNECTION_NAME&gt;</code>
2. Entity ID:
 - <code>urn:auth0:outwork:&lt;SAML_CONNECTION_NAME&gt;</code>

Other standard configuration details are:

- <a href="https://outwork.auth0.com/pem" rel="nofollow noopener noreferrer" target="_blank">https://outwork.auth0.com/pem</a> or <a href="https://outwork.auth0.com/cer" rel="nofollow noopener noreferrer" target="_blank">https://outwork.auth0.com/cer</a>

- Protocol Binding:
 - <code>HTTP-POST</code>
- Sign Request Algorithm
 - <code>RSA-SHA256</code>
- Sign Request Algorithm Digest
 - <code>SHA256</code>
- PartnerPage certificate:
 - <a href="https://outwork.auth0.com/pem" rel="nofollow noopener noreferrer" target="_blank">https://outwork.auth0.com/pem</a> or <a href="https://outwork.auth0.com/cer" rel="nofollow noopener noreferrer" target="_blank">https://outwork.auth0.com/cer</a>

If your IdP supports importing of SAML configurations with an XML file, then PartnerPage will provide a link like the following:

<code>https://login.partnerpage.io/samlp/metadata?connection=&lt;SAML_CONNECTION_NAME&gt;</code>

Please provide your customer support representative with the following information:

<code>OpenID Connect Discovery URL</code>: The well known OpenID Connect discovery endpoint. (<a href="https://en.wikipedia.org/wiki/Well-known_URI" rel="nofollow noopener noreferrer" target="_blank">What is Well-known?</a>)

<code>Client ID</code>: The public identifier for the application that is requesting authentication from the identity provider, in this case the ID for PartnerPage that you have set up in your IdP.

<code>Client Secret</code>: The key value associated the with above Client ID. Be sure to share this securely, as it is sensitive.

1. <code>OpenID Connect Discovery URL</code>: The well known OpenID Connect discovery endpoint. (<a href="https://en.wikipedia.org/wiki/Well-known_URI" rel="nofollow noopener noreferrer" target="_blank">What is Well-known?</a>)
2. <code>Client ID</code>: The public identifier for the application that is requesting authentication from the identity provider, in this case the ID for PartnerPage that you have set up in your IdP.
3. <code>Client Secret</code>: The key value associated the with above Client ID. Be sure to share this securely, as it is sensitive.

If your IdP doesn't provide a discovery URL, you can send an OpenID Connect Metadata file instead, which is a JSON file of the configuration details.

PartnerPage support back channel connections for OIDC configurations. 

How do I set up Single Sign On (SSO) with PartnerPage?

Find answers and get help from Intercom Support and Community Experts

This site employs cookies and other technologies that we and our third party vendors use to monitor and record personal information about you and your interactions with the site (including content viewed, cursor movements, screen recordings, and chat contents) for the purposes described in our Cookie Policy. By continuing to visit our site, you agree to our {websiteTermsLink}, {privacyPolicyLink} and {cookiePolicyLink}.

This site uses cookies and similar technologies ("cookies") as strictly necessary for site operation. We and our partners also would like to set additional cookies to enable site performance analytics, functionality, advertising and social media features. See our {cookiePolicyLink} for details. You can change your cookie preferences in our Cookie Settings.

We use cookies to make our site work and also for analytics and advertising purposes. You can enable or disable optional cookies as desired. See our {cookiePolicyLink} for more details.

Advertising cookies are set by our advertising partners to collect information about your use of the site, our communications, and other online services over time and with different browsers and devices. They use this information to show you ads online that they think will interest you and measure the ads' performance. Social media cookies are set by social media platforms to enable you to share content on those platforms, and are capable of tracking information about your activity across other online services for use as described in their privacy policies.

These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.

These cookies are necessary for the website to function and cannot be switched off in our systems.

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site.

You have the right to opt out of the sale of your personal information. See our {cookiePolicyLink} for more details about how we use your data.

Your Privacy Choices

We use cookies to enhance your experience. You can customize your cookie preferences below. See our {cookiePolicyLink} for more details.

Cookie Settings

Link, Press control-option-right-arrow to exit

Empty Help Center

Uh oh. That page doesn’t exist.

Disappointed

Neutral

Smiley

Thinking...

Searching through sources...

Analyzing...

Tickets submitted through the messenger or by a support agent in your conversation will appear here.

How do I set up Single Sign On (SSO) with PartnerPage?

How to set up a SAML 2.0 connection:

How to set up an OIDC connection: