SAML Integration for Custom IAMs
Overview
This guide walks you through configuring SAML 2.0 Single Sign-On (SSO) between your Identity Provider (IdP) and Bambuser Virtual Commerce. Follow these steps to enable secure authentication for your organization.
If you're using Microsoft Azure, we recommend using our Microsoft Azure AD integration for a more seamless experience with native OIDC support and automated user provisioning.
Step 1: Verify Prerequisites
Before starting, ensure you have:
- Administrative access to your organization's Identity Provider (IdP)
- A verified domain for user email addresses
- Manage Users permission in the Bambuser dashboard
Step 2: Configure Your Identity Provider
- Log in to your IdP's administrative console
- Create a new SAML 2.0 application
  - Application Name: Bambuser Virtual Commerce
  - Entity ID/Issuer: bambuser_saml_service_provider
  - Reply URL (ACS URL):
    - US: https://svc-prod-us.liveshopping.bambuser.com/functions/auth/sso/saml/callback
    - EU: https://svc-prod-eu.liveshopping.bambuser.com/functions/auth/sso/saml/callback
- Configure User Attributes
  - Map the following attributes:
    - email → user.email
    - firstName → user.firstName
    - lastName → user.lastName
- Download the IdP Metadata (if available) or note down:
  - IdP Entity ID/Issuer URL
  - SSO URL (SAML Entrypoint)
  - X.509 Certificate (PEM format)
Step 3: Share Configuration with Bambuser
Contact your Bambuser representative and provide the following information:
Required Information
- Domain: Your organization's email domain (e.g., yourcompany.com)
- SAML Entrypoint URL: Your IdP's SAML SSO URL
- IdP Issuer: Your IdP's entity ID
- X.509 Certificate: Your IdP's public certificate (PEM format)
Optional Information
- Audience: Your application ID (if required by your IdP)
- Issuer ID: If different from the IdP Issuer
Step 4: Configure User Access
Option A: Manual User Management (Default)
Manage users/roles manually in the Bambuser dashboard.
For each new user:
- Add them to your IdP
- Manually create their account in the Bambuser dashboard
- Assign appropriate roles and permissions on the Bambuser dashboard
Option B: Group-based Management (Recommended)
Only available for Live and Video Consultation at the moment. We are working on adding support for Shoppable Video and Chat in the future.
Manage users/roles through groups in your IdP.
- In your IdP, create groups for different permission levels (e.g., bambuser-owner, bambuser-moderator)
- Share the group names with your Bambuser representative
- The Bambuser team will map these groups to existing roles in the Bambuser ecosystem
Step 5: Test and Verify Your Integration
Once the SAML configuration is completed by Bambuser on your workspace, you can test the integration by logging in to the Bambuser dashboard.
- Test authentication flow
- Verify user attributes
  - Check that user details (name, email) are correctly passed
  - Verify role assignments
If you have a separate Bambuser workspace for testing, you can ask us to set up a separate SAML integration for testing.
- Use a test domain (e.g., test.yourcompany.com) to avoid impacting production users
- Create test users in your IdP
Optional: Automated User Provisioning (SCIM)
For organizations requiring automated user provisioning and deprovisioning, you can implement a custom SCIM (System for Cross-domain Identity Management) integration using our public API. This allows for:
- Automatic user creation when added to your IdP
- Role and permission synchronization
- Immediate access revocation when users are deprovisioned
To implement SCIM integration:
- Review our API documentation for user management endpoints
- Develop a SCIM service that interfaces with your IdP
- Contact support to enable the necessary API access
SCIM implementation requires development resources and is recommended for organizations with significant user management needs.
Support
For assistance, contact:
- Your dedicated Bambuser representative
- Or our support team at support@bambuser.com (Subject: "Custom SAML Integration")