To set up SAML Single Sign-On (SSO), Unimarket acts as the Service Provider (SP), and your organization acts as the Identity Provider (IdP). This three-step process establishes a secure "handshake" to allow users to log in seamlessly.

Step 1: Identify Environment Credentials

Unimarket provides unique credentials for your Demo and Production environments. You must replace customerdomain in the URLs below with your organization's specific Unimarket domain name.

Recommendation: Always configure and test in the Demo environment first before moving to Production.

Demo

• Login URL (Assertion Consumer Service): https://customerdomain.unimarket-demo.com/saml/login
• Entity ID (Audience URI): https://customerdomain.unimarket-demo.com/saml/sp

Production (US)

• Login URL (Assertion Consumer Service): https://customerdomain.unimarket.com/saml/login
• Entity ID (Audience URI): https://customerdomain.unimarket.com/saml/sp

Production (AU)

• Login URL (Assertion Consumer Service): https://customerdomain.unimarket.com.au/saml/login
• Entity ID (Audience URI): https://customerdomain.unimarket.com.au/saml/sp

Production (NZ)

• Login URL (Assertion Consumer Service): https://customerdomain.unimarket.co.nz/saml/login
• Entity ID (Audience URI): https://customerdomain.unimarket.co.nz/saml/sp

Step 2: Exchange Metadata

The technical "handshake" is established through an exchange of XML metadata files.

1. Customer Action: Provide Unimarket with your IdP Metadata (via URL or XML file).

2. Unimarket Action: Unimarket plugs your metadata into the platform.

3. Result: This generates the Unimarket SP Metadata, which is then shared back with you to complete your internal configuration.

Important: Unimarket cannot generate its metadata, until your IdP metadata has been successfully uploaded into our system.

Step 3: Attributes and Provisioning

Once the connection is established, you must align the data being passed between systems.

• Attribute Mapping: Ensure that user identifiers (like email or employee ID) are mapped identically, on both ends.

• Provisioning Logic: Decide on your user management strategy:

  • Auto-Provision / Create Users "On": New users are automatically created in Unimarket upon their first successful SSO login.

  • Auto-Provision / Create Users "Off": Users must already exist in Unimarket (via manual entry or file upload) to log in via SSO.

• Authentication Age: Confirm the maximum session/authentication age allowed. This value must match on both the Customer and Unimarket sides, to prevent login errors.

Troubleshooting the "Handshake"

If the initial test fails, verify the following:

• Certificates: Ensure the signing certificates in the metadata have not expired.

• Clock Skew: Check that the system clocks on your IdP server are synchronized (NTP).

• Firewalls: Ensure your network allows outbound requests to the Unimarket login URLs.