Security Assertion Markup Language (SAML) is an XML standard that allows secure web domains to exchange user authentication and authorization data. Using SAML, an online service provider can contact a separate online identity provider to authenticate users who are trying to access secure content.
Vestorly offers a SAML-based Single Sign-On (SSO) service that gives partner companies control over authentication and authorization of hosted user accounts. In the SAML model, Vestorly acts as the service provider. Vestorly Advisor access is controlled through partners, who act as identity providers. These partners maintain control over their usernames, passwords and other information in their organizations.
The Vestorly SSO service is based on the SAML v2.0 specifications. SAML v2.0 is supported by several widely known vendors such as PingFederate.
This section outlines the process for setup and provisioning of SAML for your organization.
Vestorly requires the following information:
Some SAML Identity Providers can import metadata directly, with all the required information. If needed, Vestorly can provide access to the metadata for this.
Vestorly will provide the following:
In addition, some assertions can be encrypted. Vestorly provides the following .CER formatted certificate:
When a user clicks login or first connects to Vestorly, Vestorly will attempt to route the login flow to the partner’s associated login page.
Vestorly Advisor Login –> Partner Organization’s SSO Login Page –> Vestorly SAML –> Vestorly Publisher page
Logout returns the user to the organization’s login page.
Dashboard SSO flow
When a user is within a partner’s site, they can follow a SAML assertion directly into Vestorly.
Partner Organization’s Dashboard Page –> Vestorly SAML –> Vestorly Publisher page
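The two flows above differ in what a service provider can verify: a response from the login flow answers a request the service provider issued, while a dashboard assertion arrives unsolicited. The following is an added example, not Vestorly's code, of the post-signature checks a service provider typically applies to both cases. It assumes the XML signature was already verified by a SAML library; the entity ID, ACS URL, function names and sample messages are constructed placeholders.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}
SP_ENTITY_ID = "https://sp.example.test/saml/metadata"  # constructed placeholder
ACS_URL = "https://sp.example.test/saml/acs"            # constructed placeholder

def sample_response(assertion_id, in_response_to=None, audience=SP_ENTITY_ID,
                    expires="2030-01-01T00:05:00Z"):
    """Build a constructed, unsigned Response for the demo (not real IdP output)."""
    irt = f' InResponseTo="{in_response_to}"' if in_response_to else ""
    return (f'<p:Response xmlns:p="{NS["p"]}" xmlns:a="{NS["a"]}" ID="_r1" '
            f'Destination="{ACS_URL}"{irt}><a:Assertion ID="{assertion_id}">'
            f'<a:Subject><a:SubjectConfirmation><a:SubjectConfirmationData '
            f'NotOnOrAfter="{expires}" Recipient="{ACS_URL}"/></a:SubjectConfirmation>'
            f'</a:Subject><a:Conditions><a:AudienceRestriction><a:Audience>{audience}'
            f'</a:Audience></a:AudienceRestriction></a:Conditions></a:Assertion>'
            f'</p:Response>')

def check_response(xml_text, pending_requests, seen_assertions, now):
    """Return (ok, reason). Assumes signature verification already succeeded."""
    resp = ET.fromstring(xml_text)
    assertion = resp.find("a:Assertion", NS)
    if assertion is None:
        return False, "no assertion"
    if resp.get("Destination") != ACS_URL:
        return False, "wrong destination"
    aud = assertion.find("a:Conditions/a:AudienceRestriction/a:Audience", NS)
    if aud is None or aud.text != SP_ENTITY_ID:
        return False, "wrong audience"
    scd = assertion.find("a:Subject/a:SubjectConfirmation/a:SubjectConfirmationData", NS)
    if scd is None or scd.get("NotOnOrAfter") is None:
        return False, "no subject confirmation"
    expiry = datetime.strptime(scd.get("NotOnOrAfter"), "%Y-%m-%dT%H:%M:%SZ")
    if now >= expiry.replace(tzinfo=timezone.utc):
        return False, "expired"
    irt = resp.get("InResponseTo")
    if irt is not None:  # login flow: must answer a request this SP issued
        if irt not in pending_requests:
            return False, "unknown InResponseTo"
        pending_requests.discard(irt)
    # Dashboard flow has no request to correlate with, so the replay cache
    # is the only one-time-use control; apply it to both flows.
    if assertion.get("ID") in seen_assertions:
        return False, "replayed assertion"
    seen_assertions.add(assertion.get("ID"))
    return True, ("sp-initiated" if irt else "idp-initiated")
```

Entries in the replay cache need to be kept at least until the assertion's NotOnOrAfter time has passed.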
In addition to the standard SAML fields, Vestorly supports additional mapping through these fields.
Vestorly also supports organization impersonation through the use of the Attr_asst_* fields.