Skip to main content

SAML

Leah can integrate with external identity providers using the SAML 2.0 standard.

This allows an organization to work as an identity provider within Leah Web. In this way, users registered on platforms that belong to the organization will also be able to log in to Leah Web.

Information required by the external provider

The identity provider needs to add information about how to contact Leah's Account Service. The required parameters are the following:

1. Assertion consumer endpoint:

Endpoint: https://staging.accounts.leahapp.com/saml2/idpresponse

warning
  • You can't repeat, or replay, a SAML assertion to the endpoint. A replayed SAML assertion has an assertion ID that duplicates the ID of an earlier identity provider response.

2. Service Provider (SP) urn:

urn: urn:amazon:cognito:sp:us-east-1_B1LpanekR

3. Sign-out endpoint (optional)

Endpoint: https://staging.accounts.leahapp.com/saml2/logout

info
  • Required only if you want Leah to send signed logout requests to the provider when a user logs out. This allows for simultaneous logout between Leah and the SAML provider.
  • The endpoint uses POST binding.
warning

If the SAML provider expects a signed logout request, you will also need to configure the signing certificate that Leah provides. This certificate can be delivered via email. Contact the developer or agent managing your partnerships.

Information required by Leah

1. Metadata document URL

This document is issued by the provider and can be a URL where the metadata is obtained or a file. It includes the name of the issuer, expiration information, and keys that can be used to validate the response coming from the identity provider.

2. User attributes

Leah requires that there be at least one field with the user's email. A sample SAML assertion is required to be able to find the user's attribute names in the provider and map them in Leah.