Security Assertion Markup Language (SAML)

To set up a SAML integration, you will need to send the following to your customer success manager:

  • Sign in URL
  • X.509 Signing Certificate

We will set up the SSO for you using this information. You may need a callback URL when configuring the SSO on your side. The URL depends on the environment:

  • If you are integrating with a sandbox DataGuard CPM tenant then use this URL:
    https://sandbox-consentric.eu.auth0.com/login/callback
  • If you are integrating with a production DataGuard CPM tenant in the UK then use this URL:
    https://consentric.eu.auth0.com/login/callback
  • If you are integrating with a production DataGuard CPM tenant in the EU then use this URL:
    https://dgconsentde.eu.auth0.com/login/callback

Authorisation

Once the SSO has been set up, you will need to provide a custom SAML attribute to authorise your users. The key of the attribute should be ssoConsentricOptions, and the value should be stringified JSON with the following format:

{
  "<your-application-id>": {
    "roles": "PERMISSIONS_AGENT PERMISSIONS_ADMIN"
  }
}

The roles permit users to do different things in the UI:

  • PERMISSIONS_AGENT: Allows the user to see information about any citizen stored in the CPM instance.
  • PERMISSIONS_ADMIN: Allows the user to configure the CPM instance.
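
The following is an added example, not DataGuard's own code. It builds the ssoConsentricOptions value in the format shown above and checks a candidate value for common mistakes before it is placed in the IdP configuration. The function names and the application id are hypothetical, and treating the two roles listed here as the complete allow-list is an assumption.

```python
import json

# Roles listed on this page; treating them as the complete allow-list is an assumption.
KNOWN_ROLES = ("PERMISSIONS_AGENT", "PERMISSIONS_ADMIN")


def build_options(application_id, roles):
    """Return the stringified JSON value for the ssoConsentricOptions attribute."""
    if not isinstance(application_id, str) or not application_id:
        raise ValueError("application_id must be a non-empty string")
    roles = list(dict.fromkeys(roles))  # de-duplicate, keep order
    unknown = [r for r in roles if r not in KNOWN_ROLES]
    if not roles or unknown:
        raise ValueError(f"need at least one known role, got unknown: {unknown}")
    # Roles go in one space-separated string, as in the format shown above.
    return json.dumps({application_id: {"roles": " ".join(roles)}})


def check_options(value):
    """Return a list of problems in a candidate attribute value (empty = OK)."""
    if not isinstance(value, str):
        return ["value must be a JSON string, not a structured object"]
    try:
        doc = json.loads(value)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg}"]
    if isinstance(doc, str):
        return ["JSON was stringified twice"]
    if not isinstance(doc, dict) or not doc:
        return ["top level must be an object keyed by application id"]
    problems = []
    for app_id, entry in doc.items():
        roles = entry.get("roles") if isinstance(entry, dict) else None
        if not isinstance(roles, str) or not roles.split():
            problems.append(f"{app_id}: 'roles' must be a non-empty space-separated string")
            continue
        problems += [f"{app_id}: unknown role {r!r}" for r in roles.split() if r not in KNOWN_ROLES]
    return problems


def admin_applications(value):
    """Application ids granted PERMISSIONS_ADMIN by a value that passed check_options."""
    return [app_id for app_id, entry in json.loads(value).items()
            if "PERMISSIONS_ADMIN" in entry["roles"].split()]


if __name__ == "__main__":
    sample = build_options("example-application-id", ["PERMISSIONS_AGENT"])  # constructed id
    print("ssoConsentricOptions =", sample, check_options(sample))
```

Running admin_applications over the values assigned to each IdP group gives a quick review of which users would receive PERMISSIONS_ADMIN rather than the read-only agent role.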