A comprehensive walkthrough for integrating SAML authentication with ERM Libryo, ensuring secure access management across identity providers
This guide provides step-by-step instructions on how to integrate SAML (Security Assertion Markup Language) authentication for your organization with Libryo acting as the service provider or relying party. SAML enables secure, single sign-on (SSO) between your identity provider (IdP) and Libryo.
1. Configuring Service Providers in Identity Provider
- Supported Identity Providers:
  - Azure
  - Okta
  - OneLogin
  - Ping Identity
  - Custom SAML 2.0 Provider
2. Required URLs from ERM Libryo's Side
During the configuration process in your identity provider, you will be prompted to provide specific URLs from Libryo's side. Please use the following URLs:
- Assertion Consumer Service URL (ACS/Reply URL):
  - URL: https://my.libryo.com/auth/saml/{org_identifier}/callback
  - This URL is where the identity provider sends the SAML assertion after a user has been authenticated.
- Identifier (Entity ID):
  - URL: https://my.libryo.com/auth/saml/{org_identifier}/metadata
  - The Entity ID uniquely identifies the Libryo service provider to the identity provider. It is used during the configuration process.
- ERM Libryo Metadata URL:
  - URL: https://my.libryo.com/auth/saml/{org_identifier}/metadata
  - This URL provides metadata about the Libryo service provider, including supported bindings, endpoints, and certificates. It is used by the identity provider to configure the service provider settings.
- ERM Libryo Single Login URL:
  - URL: https://my.libryo.com/auth/saml/{org_identifier}
  - This URL is used by users to initiate the single sign-on process. The users will be redirected to this URL to authenticate through the identity provider.
- ERM Libryo Single Logout URL:
  - URL: https://my.libryo.com/auth/saml/{org_identifier}/logout
  - This URL is used to initiate single logout, allowing users to log out of all connected services, including Libryo, in a federated environment.
3. Set Up Assertions/Attributes/Claims
During the configuration process in your identity provider, ensure that the following assertions/attributes/claims are set up:
- First Name
- Last Name
- NameID (a unique identifier, not necessarily the email)
4. Enable SAML Authentication
In your ERM Libryo organization settings:
- Turn on "Enable SAML authentication for this organization."
- Complete the required fields using the information provided above.
- Click on "Save."
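A pre-flight check for a test login, as an added example (not ERM Libryo's code): it compares a decoded SAML Response captured from your identity provider against the ACS URL, Entity ID and claims listed above. The org identifier `acme` and the claim names `firstName`/`lastName` are assumptions, and the check covers configuration only; it does not validate signatures.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
BASE = "https://my.libryo.com/auth/saml/{org}"  # URL pattern from section 2

# Constructed sample of a decoded Response for a hypothetical org "acme".
# The claim names "firstName"/"lastName" are assumptions; lastName is left out on purpose.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    Destination="https://my.libryo.com/auth/saml/acme/callback">
  <saml:Assertion>
    <saml:Subject><saml:NameID>u-1001</saml:NameID></saml:Subject>
    <saml:Conditions><saml:AudienceRestriction>
      <saml:Audience>https://my.libryo.com/auth/saml/acme/metadata</saml:Audience>
    </saml:AudienceRestriction></saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="firstName"><saml:AttributeValue>Ada</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


def check_response(xml_text, org, required_attrs):
    """List mismatches between a decoded SAML Response and the SP values in sections 2 and 3."""
    acs = BASE.format(org=org) + "/callback"
    entity_id = BASE.format(org=org) + "/metadata"
    root = ET.fromstring(xml_text)
    problems = []
    if root.get("Destination") != acs:
        problems.append(f"Destination {root.get('Destination')!r} is not the ACS URL {acs!r}")
    audiences = [a.text.strip() for a in root.iterfind(".//saml:Audience", NS) if a.text]
    if entity_id not in audiences:
        problems.append(f"Audience {audiences} does not include Entity ID {entity_id!r}")
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        problems.append("NameID is missing or empty")
    # Collect the names of attributes that carry at least one non-empty value.
    present = {a.get("Name") for a in root.iterfind(".//saml:Attribute", NS)
               if any((v.text or "").strip() for v in a.iterfind("saml:AttributeValue", NS))}
    for name in required_attrs:
        if name not in present:
            problems.append(f"attribute {name!r} is missing or has no value")
    return problems


if __name__ == "__main__":
    for problem in check_response(SAMPLE, "acme", ["firstName", "lastName"]):
        print(problem)
```

An empty list means the response lines up with the values configured above; pass the claim names your identity provider actually emits in place of the assumed ones.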
For additional support or troubleshooting, refer to your identity provider's documentation or contact ERM Libryo Support.