Nexus Hub & AWS Cognito & Active Directory (SAML)

Please contact Nexus Support at support@nexuscenter.io to request your tenant-specific data set.


Customers can allow their users to sign in to the Nexus Experience Hub through a SAML identity provider (IdP), such as Microsoft Active Directory Federation Services (ADFS). Alternatively, you can use any other IdP that supports the SAML 2.0 standard.

Workflow


Step 1

Customer requests SSO configuration at support@nexuscenter.io.


Step 2

Nexus Team provides the following data to the customer:


  1. Identifier/Entity ID: urn:amazon:cognito:sp:<cognito-pool-id>, e.g. urn:amazon:cognito:sp:us-west-2_XX321xxXXX
  2. Reply URL: https://csp-<tenant-alias>.auth.us-west-2.amazoncognito.com/saml2/idpresponse, e.g. https://csp-signet.auth.us-west-2.amazoncognito.com/saml2/idpresponse
  3. Sign-on URL: https://<tenant-alias>.hub.nexuscenter.io/platform, e.g. https://signet.hub.nexuscenter.io/platform

Step 3

Customer team configures the SAML identity provider on their end, using the values from Step 2. The customer team then sends the Federation Metadata XML file (which contains the SAML signing certificate) to Signet and provides the metadata mapping described below.


Metadata mapping

Please provide SAML attributes for the following items:

Item                       Attribute
Name                       http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Given Name (First Name)    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname
Family Name (Last Name)    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname
Email                      http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress

“Name” - attribute that corresponds to the full name of the user, e.g. John Doe

“Given Name (First Name)” - attribute that corresponds to the first name of the user, e.g. John

“Family Name (Last Name)” - attribute that corresponds to the last name of the user, e.g. Doe

“Email” - attribute that corresponds to the email address of the user, which usually also acts as the login, e.g. john.doe@example.com
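As an added example (not Nexus's or AWS's code), the following Python pre-flight script covers the hand-off in Steps 2 and 3 and the mapping table above. It checks that the three Step 2 values are mutually consistent (same AWS region in the entity ID and reply URL, same tenant alias in the reply URL and sign-on URL), extracts the entity ID, SSO endpoints and signing-certificate fingerprint from the IdP's Federation Metadata XML so the certificate can be confirmed with the IdP team out of band, and reports which of the required claims a test assertion does not carry. The metadata document, the assertion, the adfs.example.com host and the certificate bytes are constructed placeholders; the givenname claim URI is assumed to follow the same WS-Federation claim schema as the three listed above.

```python
# Added example, not Nexus tooling: standard library only.
import base64
import hashlib
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Cognito user-pool attribute -> SAML claim URI from the mapping table.
# givenname is assumed to follow the same claim schema as the other three.
CLAIM_BASE = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
REQUIRED_CLAIMS = {
    "name": CLAIM_BASE + "name",
    "given_name": CLAIM_BASE + "givenname",
    "family_name": CLAIM_BASE + "surname",
    "email": CLAIM_BASE + "emailaddress",
}

# Constructed stand-in for the DER bytes of the IdP signing certificate.
PLACEHOLDER_CERT_DER = b"constructed placeholder, not a real X.509 certificate"

# Constructed Federation Metadata shaped like an ADFS export (hypothetical host).
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="http://adfs.example.com/adfs/services/trust">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{base64.b64encode(PLACEHOLDER_CERT_DER).decode()}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://adfs.example.com/adfs/ls/"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

# Constructed assertion fragment as an IdP would emit it; givenname deliberately absent.
SAMPLE_ASSERTION = f"""<saml:Assertion xmlns:saml="{NS['saml']}" ID="_constructed" Version="2.0">
  <saml:AttributeStatement>
    <saml:Attribute Name="{CLAIM_BASE}name"><saml:AttributeValue>John Doe</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="{CLAIM_BASE}surname"><saml:AttributeValue>Doe</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="{CLAIM_BASE}emailaddress"><saml:AttributeValue>john.doe@example.com</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def cert_fingerprint(der: bytes) -> str:
    """SHA-256 hex fingerprint of a DER certificate, to confirm with the IdP team out of band."""
    return hashlib.sha256(der).hexdigest()


def summarize_idp_metadata(xml_text: str) -> dict:
    """Extract entity ID, SSO endpoints and signing-cert fingerprint; flag common hand-off mistakes."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this is not an identity-provider metadata file")
    warnings = []
    entity_id = root.get("entityID", "")
    if entity_id.startswith("urn:amazon:cognito:sp:"):
        warnings.append("entityID is the Cognito SP identifier; the IdP's own metadata was expected")
    certs = []  # a KeyDescriptor without a use attribute covers both signing and encryption
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use", "signing") == "signing":
            for c in kd.iter(f"{{{NS['ds']}}}X509Certificate"):
                certs.append(base64.b64decode("".join(c.text.split())))
    if not certs:
        warnings.append("no signing certificate: Cognito cannot validate assertion signatures")
    endpoints = {s.get("Binding"): s.get("Location") for s in idp.findall("md:SingleSignOnService", NS)}
    if any(not (loc or "").startswith("https://") for loc in endpoints.values()):
        warnings.append("an SSO endpoint is not served over https")
    return {
        "entity_id": entity_id,
        "sso_endpoints": endpoints,
        "signing_cert_sha256": cert_fingerprint(certs[0]) if certs else None,
        "warnings": warnings,
    }


def missing_claims(assertion_xml: str) -> list:
    """Claim URIs from the mapping table that this assertion does not carry."""
    root = ET.fromstring(assertion_xml)
    present = {a.get("Name") for a in root.iter(f"{{{NS['saml']}}}Attribute")}
    return [uri for uri in REQUIRED_CLAIMS.values() if uri not in present]


def check_sp_values(entity_id: str, reply_url: str, sign_on_url: str) -> list:
    """Consistency problems between the three Step 2 values (empty list means consistent)."""
    problems = []
    m = re.fullmatch(r"urn:amazon:cognito:sp:([a-z]{2}-[a-z]+-\d)_[A-Za-z0-9]+", entity_id)
    pool_region = m.group(1) if m else None
    if pool_region is None:
        problems.append("entity ID is not of the form urn:amazon:cognito:sp:<region>_<id>")
    reply = urlparse(reply_url)
    host = re.fullmatch(r"csp-([a-z0-9-]+)\.auth\.([a-z]{2}-[a-z]+-\d)\.amazoncognito\.com", reply.netloc)
    if reply.scheme != "https" or host is None or reply.path != "/saml2/idpresponse":
        problems.append("reply URL is not https://csp-<alias>.auth.<region>.amazoncognito.com/saml2/idpresponse")
    elif pool_region and host.group(2) != pool_region:
        problems.append("reply URL region differs from the user-pool region in the entity ID")
    if host is not None and urlparse(sign_on_url).netloc != f"{host.group(1)}.hub.nexuscenter.io":
        problems.append("sign-on URL tenant alias does not match the reply URL alias")
    return problems
```

Run `summarize_idp_metadata` on the real Federation Metadata export before sending it: an empty `warnings` list plus a fingerprint the IdP team recognises is the signal that the right file (the IdP's, not the Cognito SP's) is going out. `missing_claims` is meant for an assertion captured from a test login in the IdP's own tooling; any URI it returns is a claim rule that still has to be added before the mapping will work.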