Please note that the information in this article is intended for YayPay Development purposes only.

If you require assistance with YayPay Production, contact Quadient Support at support@quadient.com. They will help you set up single sign-on in Quadient Hub.

YayPay Development SSO Setup

YayPay supports SSO using SAML 2.0 protocols. 

As examples, this article provides instructions for Microsoft Azure Active Directory and Onelogin. Configuring SSO using other SAML 2.0 providers should be similar.

Other providers are subject to be reviewed prior to implementation. Please, contact support@yaypay.com if using another provider.

Configuring Microsoft Azure SSO 

In Microsoft Azure, do the following:

1. Create an enterprise application for YayPay.
   Learn how to do that in Microsoft's documentation on adding an enterprise application to Azure Active Directory.
2. Enable SAML single sign-on for the created application.
   Learn how to do that in Microsoft's documentation on enabling single sign-on.
3. Use the following values for the Basic SAML Configuration, depending on the environment in which your YayPay instance is running:

   Environment	Entity ID	Reply URL
   Development (developer.yaypay.com)	yaypay-apienv	https://developer.yaypay.com/saml/SSO

   
   

   Here is an example SAML configuration done for the US development environment:

   
   

   Delete

   Note

   If there are multiple YayPay instances / Subsidiaries, all Subsidiaries must be configured with SSO at the same time (if the Subsidiaries are assigned to the YayPay User’s access, found under User Management). If not done at the same time, the user’s selection of Subsidiaries displayed in the drop-down beside their login profile/username will be affected.

4. Add users or groups as needed to your enterprise application in Microsoft Azure.
   Learn how to do that in Microsoft's documentation on assigning users and groups to an application.

In Yaypay, do the following:

1. Go to the Settings | Business page and navigate to the Single Sign-On block.
2. Check the Enable Single Sign-On checkbox.
3. Provide the required SSO data:
   • Federation metadata- Provide the federation metadata in one of the following ways:
     • Download the federation metadata XML file from Microsoft Azure and upload it into YayPay:
       
     • Copy the federation metadata URL from Microsoft Azure and paste it into YayPay:
       
   • SAML certificate - Download the certificate from Microsoft Azure and upload it into YayPay:
     
4. Finish the SSO configuration by clicking on SAVE CHANGES.
5. Create YayPay users to match the users you created in Azure AD:
   1. Go to the Settings | User Management page.
   2. Create Admins, AR Specialists, or Sales/CS by clicking on the Add User button on the corresponding tab.
   3. Keep in mind that a user's email address must match in both YayPay and Azure AD, as that is the key field used for authentication.
6. Log in to YayPay via SSO:
   1. Go to your Microsoft App Dashboard at https://myapps.microsoft.com/.
   2. Log in to the dashboard as a user that exists both in Azure AD and YayPay.
   3. Click on the enterprise application that you have created for YayPay to be redirected to YayPay as a user logged via SSO.

Additional information:

For Azure: https://docs.microsoft.com/en-us/azure/active-directory/develop/single-sign-on-saml-protocol

For Okta: https://help.okta.com/en/prod/Content/Topics/Apps/Apps_Apps.htm?cshid=Applications_Applications#Applications_Applications

Configuring OneLogin SSO

In OneLogin, do the following:

1. Add a new application (representing YayPay) to your OneLogin account:
   1. Log in to OneLogin as an administrator.
   2. Go to the Applications tab.
   3. Click on the Add App button.
   4. Search for the following application type: SAML Custom Connector (Advanced).
   5. Perform the initial setup and click on the Save button.
2. Configure the application:
   1. Use the following values for the Configuration | Application details settings, depending on the environment in which your YayPay instance is running:
      
      Development (developer.yaypay.com):

      Setting	Value
      Audience (EntityID)	yaypay-apienv
      ACS (Consumer) URL Validator	^https:\/\/developer\.yaypay\.com\/saml\/SSO$
      ACS (Consumer) URL	https://developer.yaypay.com/saml/SSO

       
   3. Keep the default values for the rest of the Configuration | Application details settings.
   4. Click on the Save button.
3. Add users or groups as needed to your application in OneLogin.
   Learn how to do that in OneLogin's documentation on manually assigning apps to users.

In YayPay, do the following:

1. Go to the Settings | Business page and navigate to the Single Sign-On block.
2. Check the Enable Single Sign-On checkbox.
3. Provide the required SSO metadata:
   1. Go to the SSO tab of the application that you created in OneLogin.
   2. Copy the value of the Issuer URL field:
      
   3. Run that URL in your browser to download a metadata XML file.
   4. Upload that metadata XML file into YayPay:
      
4. Finish the SSO configuration by clicking on SAVE CHANGES.
5. Create YayPay users to match the users you created in OneLogin:
   1. Go to the Settings | User Management page.
   2. Create Admins, AR Specialists, or Sales/CS by clicking on the Add User button on the corresponding tab.
   3. Keep in mind that a user's email address must match in both YayPay and OneLogin, as that is the key field used for authentication.
6. Log in to YayPay via SSO:
   1. Go to your company's OneLogin portal at https://<company>.onelogin.com/portal.
   2. Log in to the portal as a user that exists both in OneLogin and YayPay.
   3. Click on the application that you have created for YayPay to be redirected to YayPay as a user logged via SSO.