This article describes how to set up Velocity as a Service Provider (SP) using a SAML 2.0 Identity Provider (IdP) for authentication. Please contact us to enable this functionality before beginning the setup process.
We support the following Identity Providers:
Google G Suite SAML
If you're looking to configure Velocity with Okta, check out our docs on Configuring Velocity with Okta.
To configure your organization to use SAML for authentication, you will need administrator permissions within Velocity and your IdP.
Step 1. Choose a Sign In URL
Navigate to the SAML Settings page and choose a unique organization identifier that will form the last part of your ACS URL. Once you save that setting and copy the URL to your clipboard, you are ready to configure your IdP.
Velocity uses the following format for its Assertion Consumer Service (ACS) URLs:
“organization” is the unique organization identifier you entered in the SAML settings.
Step 2. Configure your IdP
Within your IdP, create a new SAML application for Velocity. Velocity uses the same URL for both the Service Provider (SP) Assertion Consumer Service (ACS) URL and Entity ID. Therefore, use these settings:
ACS URL/Reply URL: Paste the ACS URL from Step 1
Entity ID: Paste the ACS URL from Step 1
Velocity needs metadata about your IdP in order to successfully communicate with it using SAML. There are two options for this:
Your IdP may expose a publicly available IdP Metadata URL
Your IdP may expose an IdP Metadata XML file which you can download.
If both options are available, the URL is preferable, as it allows for the IdP to update metadata without your intervention.
Copy the IdP Metadata URL to your clipboard, or download the IdP Metadata XML file and copy the entire contents of the file to your clipboard for Step 3.
Velocity can use names and email addresses from your IdP when provisioning users. Setup metadata mappings for the following fields (note these are case sensitive):
FirstName -- The first name of the IdP user
LastName -- The last name of the IdP user
Email -- The email address of the IdP user
Step 3. Configure Velocity
Return to the SAML Settings within Velocity and paste the XML from Step 2 into the Identify Provider (IdP) XML Metadata field and save.
Step 4. Test your configuration
You should now be able to log out and log in to Velocity via your ACS URL. Now that you’ve validated, you can authenticate with SAML via your IdP.
Step 5. Require SAML authentication
You can enforce the requirement that all users within your Velocity organization sign in this way. New users must be invited to your Velocity organization, and they will need to authenticate via SAML to accept their invitations. Please contact us to enable this setting on your Velocity organization.