OpenWater

Security Assertion Markup Language (SAML), specifically SAML 2.0 is the protocol of choice for large organizations, health care institutions, and universities. OpenWater supports SAML authentication.

SAML is used by a lot of places and systems, here is a small list of compatible providers:

- Okta
- Auth0
- Microsoft Active Directory
- Google Suite / Google Workspaces
- Microsoft 365 / Dynamics
- Salesforce

<a href="https://help.getopenwater.com/en/articles/6473292-getting-started-with-integrations-hub" target="_blank" rel="nofollow noopener noreferrer">Get Started</a> with Integrations Hub

Add a new Single Sign On connector for Custom SAML

The Process URL is something you'll need to give your IT administrator. This is the ACS Url, or the SP Url, in other words this is where SAML will send the resulting successful login back to. Your IT administrator should be able to give you the Login Url, which is the IdP Url, the SAML Version (1 or 2), and the certificate. The Entity ID is typically OpenWater, but you can enter whatever entity ID used to assign.

Toggle to Field Mapping and click on the No Fields have been provided yet, hyperlink

If all worked well you'll see a message like this

Refresh the integrations hub page, and now proceed to map the fields

Now head back to Settings, and Copy

Then head to OpenWater and update the Login Configuration. Set it to Json Web Token and paste in the Begin Url to the Login Url, and enter the shared secret set in step 1.

Great,  you can now save this and load up your site in an incongnito window, then test out your login.

1. <a href="https://help.getopenwater.com/en/articles/6473292-getting-started-with-integrations-hub" target="_blank" rel="nofollow noopener noreferrer">Get Started</a> with Integrations Hub
 
2. Add a new Single Sign On connector for Custom SAML 

3. The Process URL is something you'll need to give your IT administrator. This is the ACS Url, or the SP Url, in other words this is where SAML will send the resulting successful login back to. Your IT administrator should be able to give you the Login Url, which is the IdP Url, the SAML Version (1 or 2), and the certificate. The Entity ID is typically OpenWater, but you can enter whatever entity ID used to assign. 
 
 
4. Press Save 
5. Toggle to Field Mapping and click on the No Fields have been provided yet, hyperlink

6. If all worked well you'll see a message like this 

7. Refresh the integrations hub page, and now proceed to map the fields 

8. Press Save 
9. Press Publish
 
10. Now head back to Settings, and Copy 

11. Then head to OpenWater and update the Login Configuration. Set it to Json Web Token and paste in the Begin Url to the Login Url, and enter the shared secret set in step 1. 
 
 
12. Great, you can now save this and load up your site in an incongnito window, then test out your login.

Use the Integrations Hub module to connect a single sign on with any generic identity provider that supports SAML (ex. Okta, Auth0, AAD).