
User Federation (SSO)

User/Identity Federation is available through a custom SAML App or through OpenID Connect (OIDC). The following details will be used to configure your Identity Provider (IdP) in order to connect with Red Marker.

OIDC Apps

What your IT department needs:

To set up OIDC you will need to provide the following details to IT:

  • Grant Type: Authorization Code
  • Scopes: OpenID, Profile
  • Redirect URL: See below...

UAT (User Acceptance Testing)

| Environment | Redirect URL |
| --- | --- |
| Primary | https://auth.uat.redmarker.ai/oauth2/idpresponse |

APAC Region

| Environment | Redirect URL |
| --- | --- |
| Primary | https://auth.redmarker.ai/oauth2/idpresponse |
| Backup | https://auth.tokyo.redmarker.ai/oauth2/idpresponse |

US Region

| Environment | Redirect URL |
| --- | --- |
| Primary | https://redmarker-sso-us.auth-fips.us-east-1.amazoncognito.com/oauth2/idpresponse |
| Backup | https://redmarker-sso-uswest.auth-fips.us-west-2.amazoncognito.com/oauth2/idpresponse |

EMEA Region

| Environment | Redirect URL |
| --- | --- |
| Primary | https://auth.emea.redmarker.ai/oauth2/idpresponse |

What you need to provide Red Marker:

The following parameters need to be provided to Red Marker.

  • Client ID: Unique ID
  • Client Secret: Secret
  • Issuer URL: The URL of your OIDC IdP

SAML Apps

What your IT department needs:

Red Marker is designed to use the Service Provider (SP) Initiated flow. The details below will be used to configure your IdP, depending on your desired region of operation and authentication mechanism. Should you require a signing certificate, this can be provided on request.

Service Provider (SP) Details

Production

APAC Region

| Environment | Entity ID | ACS URL |
| --- | --- | --- |
| Primary | urn:amazon:cognito:sp:ap-southeast-2_MBNCgB1ya | https://auth.redmarker.ai/saml2/idpresponse |
| Backup | urn:amazon:cognito:sp:ap-northeast-1_jomZoDj8U | https://auth.tokyo.redmarker.ai/saml2/idpresponse |

US Region

| Environment | Entity ID | ACS URL |
| --- | --- | --- |
| Primary | urn:amazon:cognito:sp:us-east-1_vyBHYP4ki | https://redmarker-sso-us.auth-fips.us-east-1.amazoncognito.com/saml2/idpresponse |
| Backup | urn:amazon:cognito:sp:us-west-2_3CQRAmKSg | https://redmarker-sso-uswest.auth-fips.us-west-2.amazoncognito.com/saml2/idpresponse |

User Acceptance Testing (UAT)

APAC Region

| Environment | Entity ID | ACS URL |
| --- | --- | --- |
| Primary | urn:amazon:cognito:sp:ap-southeast-2_8eEGmFH46 | https://auth.uat.redmarker.ai/saml2/idpresponse |

UAT Availability

The UAT environment is refreshed from the production environment regularly and as such should be considered ephemeral. Also note that the UAT environment is decommissioned between 7pm - 7am AEST and on weekends.

If an extended UAT window is required, please contact support@redmarker.ai with details and three business days' notice for these operating hours to be adjusted.

Attribute Mapping

Red Marker expects a mapping of a User's primary email address to the email attribute in the assertion.

What you need to provide Red Marker:

After you have successfully configured your IdP, you will need to provide a Metadata.xml file back to Red Marker. More details on this can be found here.

You will also need to provide a list of the email domains being used by your IdP.