User Federation (SSO)
It's possible to use User/Identity Federation with a custom SAML App or using OpenID Connect (OIDC). The following details will be used to configure your Identity Provider (IdP) in order to connect with Red Marker.
OIDC Apps
What your IT department needs:
For setting up OIDC you will need to provi the following details to IT:
- Grant Type: Authorization Code
- Scopes: OpenID, Profile
- Redirect URL: See below...
UAT (User Acceptance Testing)
| Redirect URL | |
|---|---|
| Primary | https://auth.uat.redmarker.ai/oauth2/idpresponse |
APAC Region
| Redirect URL | |
|---|---|
| Primary | https://auth.redmarker.ai/oauth2/idpresponse |
| Backup | https://auth.tokyo.redmarker.ai/oauth2/idpresponse |
US Region
| Redirect URL | |
|---|---|
| Primary | https://redmarker-sso-us.auth-fips.us-east-1.amazoncognito.com/oauth2/idpresponse |
| Backup | https://redmarker-sso-uswest.auth-fips.us-west-2.amazoncognito.com/oauth2/idpresponse |
EMEA Region
| Redirect URL | |
|---|---|
| Primary | https://auth.emea.redmarker.ai/oauth2/idpresponse |
What you need to provide Red Marker:
The following parameters need to be provided to Red Marker.
- Client ID: Unique ID
- Client Secret: Secret
- Issuer URL: The URL of your OIDC IdP
SAML Apps
What your IT department needs:
Red Marker is designed to use the Service Provider (SP) Initiated flow. The details below will used to configure your IdP depending on your desired region of operation and authentication mechanism. Should you require a signing certificate this can be provided on request.
Attribute Mapping
Red Marker expects a mapping of a User's primary email address to the email attribute in the SAML assertion.
This is a critial step in setting up your SAML app.
Service Provider (SP) Details
Production
APAC Region
| Environment | Entity ID | ACS URL |
|---|---|---|
| Primary | urn:amazon:cognito:sp:ap-southeast-2_MBNCgB1ya | https://auth.redmarker.ai/saml2/idpresponse |
| Backup | urn:amazon:cognito:sp:ap-northeast-1_jomZoDj8U | https://auth.tokyo.redmarker.ai/saml2/idpresponse |
US Region
| Environment | Entity ID | ACS URL |
|---|---|---|
| Primary | urn:amazon:cognito:sp:us-east-1_vyBHYP4ki | https://redmarker-sso-us.auth-fips.us-east-1.amazoncognito.com/saml2/idpresponse |
| Backup | urn:amazon:cognito:sp:us-west-2_3CQRAmKSg | https://redmarker-sso-uswest.auth-fips.us-west-2.amazoncognito.com/saml2/idpresponse |
EMEA/EU Region
| Environment | Entity ID | ACS URL |
|---|---|---|
| Primary | urn:amazon:cognito:sp:eu-west-2_2RPe0Biwn | https://auth.emea.redmarker.ai/saml2/idpresponse |
| Backup | urn:amazon:cognito:sp:eu-west-1_BjqNcpdXj | https://auth.ireland.redmarker.ai/saml2/idpresponse |
User Acceptance Testing (UAT)
APAC Region
| Environment | Entity ID | ACS URL |
|---|---|---|
| Primary | urn:amazon:cognito:sp:ap-southeast-2_8eEGmFH46 | https://auth.uat.redmarker.ai/saml2/idpresponse |
UAT Availability
The UAT Environment is refreshed from the production environment regularly as such should be considered ephemeral. Also note the UAT environment is decommissioned between 7pm - 7am AEST and on weekends.
If an extended UAT window is required, please contact support@redmarker.ai with details and three business days notice for these operating hours to be adjusted.
What you need to provide Red Marker:
After you have successfully configured your IdP, you will need to provide a Metadata.xml file back to Red Marker. More details on this can be found here.
Also, you will need to provide a list of the email domain's being used by your IdP.