Magento 2 SAML Single Sign On - IAM Digital Services 1.11.0

The extension is compatible with Magento CE, Magento EE, and its Cloud Edition.

Add SAML Single Sign-On support for customers to your Magento 2 instance. If you are working with a partner/company that has implemented a SAML identity provider, you can use this extension to interoperate with it, thereby enabling SSO and Just-in-Time provisioning for customers. It works with any IDP provider which supports the SAML 2.0 standard. The module was implemented by Sixto Martin, author of 15+ SAML plugins and several SAML toolkits. The module was implemented for Magento 2, If you are interested in a SAML module compatible with Magento 1.X, find it here.

Customers are happy with the SAML extension and the support received. Companies like Cisco, Erickson, Philips, Royal Mail, Securitas, Mazda, Proclinic, Tendam, Woodmark, Toyota, Hilton, PWC, Deloitte; as well as Medical Associations, ONGs as well as Universities, trusted in the SAML extension. The extension adds a link, "Login via Identity provider" to the customer login form. Following the link initiates a series of redirects that are described by SAML 2.0 standard. The customer authenticates against the SAML Identity Provider and then information about the user, group, and address are sent to Magento. Magento authenticates the customer and lets him in.



Features

• Easily switch On/Off the SAML Module.
• Supports Magento Multi-stores.
• Allow to Login via any SAML Identity Provider, supporting
  Single Sign-On, IdP, and SP initiated. (POST and Redirect bindings)
• Supports Single Log Out, IdP and SP initiated. (Redirect binding)
• Supports IdP certificate rotation.
• Supports SAML Messages signed and encrypted.
• Supports Just-In-Time Provisioning: Auto-create user accounts on the fly, with the data provided by the Identity Provider.
• Support for: customer data, group, address, custom attributes.
• Attribute, Group, Address Mapping: Ability to set the mapping between IdP fields and Magento fields.
• Customizable SSO link text.
• Customizable workflows.
• Force SAML: Force SAML flow when user access login page, IP whitelist
• SAML Only: Users which email matches an email must log only via SAML.

Settings

• Status. To enable or disable the extension.
• Identity Provider. Set parameters related to the IdP that will be connected with our Magento.
• Options. The behavior of the extension.
• Protect Options. Protection features
• Attribute Mapping. Set the mapping between IdP fields and Magento user fields.
• Group Mapping. Set the mapping between IdP groups and Magento groups.
• Address Mapping. Set the mapping between IdP fields and Magento address fields
• Custom Mapping. Set the mapping between IdP fields and Magento custom fields. You will also be able to identify Magento accounts by a custom field instead of the mail.
• Custom messages. To handle what messages are shown in the login form.
• Advanced settings. Handle some other parameters related to customizations and security issues.

Use Cases

Supports:

• IdP-initiated Single Sign-On
• A SAMLRequest is sent to the Identity Provider, customer authenticates against the SAML Identity Provider and then information about the user, group and address are sent to Magento in a SAMLResponse, Magento SAML extension validates the SAMLResponse, authenticate customer (provisioning a new account if required and the feature is enabled) and let him in.
• SP-initiated Single Sign-On
• Like the previous scenario, but here the SAML Response is directly sent by the Identity Provider and processed by the Magento SAML extension.
• SP-initiated Single Logout
• A SAML Logout Request is sent to the Identity Provider, the IdP close its session and the session of other related Service Providers and sent back a Logout Response to the Magento instance that will close the session.
• IdP-initiated Single Logout
• A SAML Logout Request is sent by the Identity Provider, the Magento instance validates it, close its session and reply back a SAML Logout Response.

Support/Warranty

Support by email guaranteed. Get a reply in less than 48hr (business days)



License Warning

Use as License Key the Order ID of the purchase. When you purchase the extension, you can use it in one M2 instance. In the case of M2 running multi-sites, the license cover 3 stores using SAML SSO. If you require more stores, contact sixto.martin.garcia@gmail.com to discuss the terms. Test and developer environments can use the extension without requiring an additional license.

Identity Providers Supported

Find here a list of some of the Identity Providers supported. (Links refer to its official documentation to configure a SAML integration).

• OneLogin
• Okta
• Auth0, Auth0 Enterprise
• ADFS
• Azure AD and Azure AD B2C
• Keycloak
• Salesforce
• Shibboleth
• simpleSAMLphp
• Google
• AWS SSO
• Centrify
• Forgerock (OpenAM)
• Ping Identity
• RSA
• IBM
• Oracle
• WSO2
• NetIQ
• SecureAuth
• Citrix Netscaler
• F5 BIG-IP