This article is aimed at a technical audience, and is likely to require the assistance of a system administrator for your Azure (or similar) set up to assist.
Click Travel uses SAML2 protocols to support service provider initiated (SP) authentication across a variety of identity providers, most commonly Microsoft Azure.
The functionality currently supported is:
- signing up with SSO to create a new account
- linking an existing Click Travel account to SSO, which can then be used to sign in
To integrate your SAML-compatible identity provider into our Single Sign On solution we require this information from you:
- The published URL for your public metadata.xml
- The name of the essential attribute(s) on your user profiles that need to be read. This would usually be an email address field which is unique for each user.
This information would usually be provided to your account manager who can pass it to the relevant technical team to begin the set up.
Your Single-sign on identity provider may need the following values:
- Remember that we only support service provider initiated sign in
- Audience: urn:amazon:cognito:sp:eu-west-1_5yBKr0ZB1
- Assertion Consumer Service (ACS): https://auth.clicktravel.com/saml2/idpresponse
- Sign on URL: https://my.clicktravel.com/
Once this connection has been established, your users will be able to link their existing accounts to SSO, or to sign up using their SSO identity if they are newly invited.
This video shows you how to configure the set up on your side and find your metadata URL, if you're an Azure user:
A transcript of this video is available