LoanBeam supports SSO via SAML 2.0 (Microsoft Azure)
SSO Connectivity to LoanBeam
LoanBeam provides SSO connectivity to its clients through IDP initiated authentication.
A client user starts SSO from an IDP-initiated URL to gain access to LoanBeam. The IDP generates a SAML request containing attributes such as the user's email, first name and last name. The SAML request is posted to the LoanBeam assertion URL, where it is authenticated and parsed based on the client's X.509 certificate and the SAML attributes. Valid users (based on the Email ID attribute) are allowed access to the LoanBeam system.
Technical Specifications
| Environment - Stage | Specifications |
| --- | --- |
| SAML Version | SAML 2.0 |
| SAML Audience | https://stageweb.loanbeam.com/ |
| Assertion URL | https://stageweb.loanbeam.com/Assertion/AssertionConsumerService |
| Attribute Name | USER_EMAIL, FIRST_NAME, LAST_NAME |
| SSO Login URL | <Client side IDP login URL> |
| SSO Logout URL | <Client side IDP logout URL> |
| Signed Assertion | Required |
| Assertion Validity | 60 secs |
| Partner Certificate | Required |

| Environment - Production | Specifications |
| --- | --- |
| SAML Version | SAML 2.0 |
| SAML Audience | https://secure.loanbeam.com/ |
| Assertion URL | https://secure.loanbeam.com/Assertion/AssertionConsumerService |
| Attribute Name | USER_EMAIL, FIRST_NAME, LAST_NAME |
| SSO Login URL | <Client side IDP login URL> |
| SSO Logout URL | <Client side IDP logout URL> |
| Signed Assertion | Required |
| Assertion Validity | 60 secs |
| Partner Certificate | Required |

On-boarding Steps
The following steps are performed to on-board an account with SSO integration:
1. Create an account in Stage and activate it using the seed user.
2. Provide LoanBeam with:
   - The filled-out SSO form.
   - The X.509 certificate for authenticating SAML information.
3. The LoanBeam team converts the account to SSO.
4. Test the Stage account for connectivity.
5. Create a Production account and repeat steps 1–4.
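
An added example, not LoanBeam's code: an IdP-side pre-flight that checks a decoded SAML response against the Stage specification table before the Stage connectivity test. It assumes "Assertion Validity: 60 secs" means the NotBefore/NotOnOrAfter window spans at most 60 seconds; `preflight` and `SAMPLE` are hypothetical names, the sample response is constructed, and the signature is checked for presence only (verifying it against the X.509 certificate needs an XML-DSig library).

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"a": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
# Stage values copied from the specification table.
AUDIENCE = "https://stageweb.loanbeam.com/"
REQUIRED = {"USER_EMAIL", "FIRST_NAME", "LAST_NAME"}
MAX_VALIDITY = timedelta(seconds=60)  # assumed reading of "Assertion Validity: 60 secs"

def _ts(value):  # SAML timestamps are UTC with a trailing "Z"
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def preflight(response_xml, now):
    """Return spec mismatches for a decoded SAML response; [] means it fits the table."""
    root = ET.fromstring(response_xml)
    assertion = root.find("a:Assertion", NS)
    if assertion is None:
        return ["no Assertion element"]
    problems = []
    if assertion.find("ds:Signature", NS) is None:  # presence only, not verification
        problems.append("assertion is not signed")
    cond = assertion.find("a:Conditions", NS)
    if cond is None:
        return problems + ["no Conditions element"]
    aud = [e.text for e in cond.iterfind("a:AudienceRestriction/a:Audience", NS)]
    if AUDIENCE not in aud:
        problems.append("SAML Audience missing or wrong")
    nb, noa = cond.get("NotBefore"), cond.get("NotOnOrAfter")
    if not (nb and noa):
        problems.append("validity window missing")
    elif _ts(noa) - _ts(nb) > MAX_VALIDITY:
        problems.append("validity window longer than 60 seconds")
    elif not _ts(nb) <= now < _ts(noa):
        problems.append("assertion not valid at the given time")
    names = {a.get("Name") for a in assertion.iterfind("a:AttributeStatement/a:Attribute", NS)}
    if REQUIRED - names:
        problems.append("missing attributes: " + ", ".join(sorted(REQUIRED - names)))
    return problems

# Constructed sample: shaped like a decoded response, signature body elided.
SAMPLE = """<p:Response xmlns:p="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:a="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
 <a:Assertion><ds:Signature/>
 <a:Conditions NotBefore="2024-01-01T12:00:00Z" NotOnOrAfter="2024-01-01T12:01:00Z">
 <a:AudienceRestriction><a:Audience>https://stageweb.loanbeam.com/</a:Audience></a:AudienceRestriction>
 </a:Conditions><a:AttributeStatement>
 <a:Attribute Name="USER_EMAIL"/><a:Attribute Name="FIRST_NAME"/><a:Attribute Name="LAST_NAME"/>
 </a:AttributeStatement></a:Assertion></p:Response>"""
```

For Production, swap `AUDIENCE` for the Production value from the second table; a response still carrying the Stage audience is then reported as a mismatch.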