Single Sign On

Vouch supports Security Assertion Markup Language 2.0 (SAML), which allows you to provide single sign-on (SSO) for the Vouch Admin User Interface, Vouch Recorder and Vouch Playlinks using enterprise identity providers such as Active Directory and LDAP.

By using SAML, a user is automatically verified with the identity provider when they sign in. The user can then access the various parts of the Vouch Platform without being prompted to enter separate login credentials.

Key benefits of Vouch's SSO offering include:

  • Clients are able to enforce their respective password standards
  • Access to Vouch is routed through the client’s Identity Provider (IdP)
  • Clients are able to revoke access to any system, including Vouch, by locking the account and/or changing the password
  • Clients can implement their own Two-Factor Authentication (2FA) or Multi-Factor Authentication (MFA) standards
  • End Users are able to leverage the same credentials they use for other systems
  • Clients are able to implement their own policies around password resets
  • Staff are discouraged from sharing their accounts
  • Respondent details, such as Name, Role and Department are consistent across services.

Configuration Details

Configure the Vouch service provider in your IdP with the following attributes:

Single Sign on URL:
https://auth.vouchfor.com/saml2/idpresponse

Audience URL (Entity ID):
urn:amazon:cognito:sp:ap-southeast-2_YlUs4JR15

Attribute Statement:
Required:
Name: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
Value: user.email

Optional (Recommended for Audience SSO)
Name: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Value: user.firstName + " " + user.lastName

Name: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/title
Value: user.title

Name: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/organization
Value: user.organization
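
An added example (not Vouch's own code) for checking an IdP setup against the values above: it parses a decoded SAML Response captured from your own test login and reports whether the Destination, Audience and attribute claims match. The function name, sample response and user values are constructed for illustration; it checks configuration only and does not verify the assertion signature.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
ACS_URL = "https://auth.vouchfor.com/saml2/idpresponse"
AUDIENCE = "urn:amazon:cognito:sp:ap-southeast-2_YlUs4JR15"
REQUIRED = ["emailaddress"]
RECOMMENDED = ["name", "title", "organization"]  # recommended for Audience SSO


def check_response(xml_text):
    """Return (errors, warnings) for a decoded SAML Response; no signature check."""
    root = ET.fromstring(xml_text)
    errors, warnings = [], []
    if root.get("Destination") != ACS_URL:
        errors.append("Destination is not the Single Sign on URL")
    audiences = [a.text.strip() for a in root.findall(".//saml:Audience", NS) if a.text]
    if AUDIENCE not in audiences:
        errors.append("Audience (Entity ID) missing or wrong")
    attrs = {}  # attribute Name -> list of non-empty values
    for attr in root.findall(".//saml:Attribute", NS):
        values = attr.findall("saml:AttributeValue", NS)
        attrs[attr.get("Name")] = [v.text for v in values if v.text and v.text.strip()]
    for short in REQUIRED:
        if not attrs.get(CLAIMS + short):
            errors.append("required attribute missing or empty: " + short)
    for short in RECOMMENDED:
        if not attrs.get(CLAIMS + short):
            warnings.append("recommended attribute missing or empty: " + short)
    return errors, warnings


# Constructed sample: an IdP response that omits the title and organization claims.
SAMPLE = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
    Destination="{ACS_URL}">
  <saml:Assertion>
    <saml:Conditions><saml:AudienceRestriction><saml:Audience>{AUDIENCE}</saml:Audience></saml:AudienceRestriction></saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="{CLAIMS}emailaddress"><saml:AttributeValue>jane@example.com</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="{CLAIMS}name"><saml:AttributeValue>Jane Doe</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""

if __name__ == "__main__":
    print(check_response(SAMPLE))
```
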

Instructions

Vouch's Single Sign On (SSO) offering is designed to work with organisations' own Identity Provider services, such as Active Directory and LDAP, as well as online SAML services, such as Okta or Azure.

To set up Single Sign On (SSO) for your organization, navigate to the Single Sign On section within your Vouch Account.

From here you can decide whether to enable SSO for Admin Users and/or Audience Users.

Information on setting up both SSO instances is listed below.


Admin Users

Enabling SSO for Admin Users will require all employees to authenticate through your IdP in order to access the Vouch Admin User Interface (https://admin.vouchfor.com).

When you click this option, you will be provided with the Single Sign on URL and Audience URL (Entity ID) values to add to your IdP.

Depending on your IdP, this should generate either a Metadata file or URL which you can then add to finish the setup process.

When configuring your IdP, it is recommended that you also specify the attribute statement for Email Address.

Audience Users

Enabling SSO for Audience Users will require all employees to authenticate through your IdP in order to access the Vouch Recorder and/or Playlink.

When you click this option, you will be provided with the Single Sign on URL and Audience URL (Entity ID) values to add to your IdP.

Depending on your IdP, this should generate either a Metadata file or URL which you can then add to finish the setup process.

When configuring your IdP, it is recommended that you also specify the attribute statements for Email Address, Name, Title and Organization.

For specific guides for Okta and Azure, click on the respective links below: