SAML/SSO Auth configuration guide
This guide details how you can use SAML/SSO configuration on Dutchie POS using your own internally managed system.
Here you’ll find steps for:
Things to consider
- Certain features need to be enabled in the Backoffice to set up SAML/SSO. Contact your Dutchie Administrator to ensure these features are enabled.
- Single logout: If you have this feature configured, when users log out of Dutchie they are also logged out of their internal directory service.
SAML/SSO Auth configuration
SAML should only be used for authentication of users, if you would like to use SAML/SSO for provisioning, you should utilize the SCIM in addition to SAML/SSO, see Configure SCIM Provisioning.
- Go to Settings > Integrations.
- Click the SSO card.
- Select the IDP1 tab.
- Fill out the form.
Note: Everything you need can be in the Federation Metadata XML file in Azure. The following fields are required:
- Entity ID
- Login URL
- Logout URL (Optional: Only if single logout is configure)
- SP Initiated URL Suffix
- Certificate 1
- Use Dutchie Permissions must be checked. This means that users must exist and have permission in Dutchie. If you want to provision users via IDP, you will need to enable SCIM.
- Click Save to populate the Dutchie Metadata as seen below.
Note: This image is for example used only.
Authenticate Azure AD users for SAML
- Select SAML as your single sign-on method. You will be prompted to set up your single sign on with SAML.
- Click the Edit icon in box 1 and enter your Entity IDs and URLs.
- Under Identifier (Entity ID) click Add Identified and add the Entity ID from the Dutchie Metadata.
- Add the Reply URL and Sign on URL in the fields.