Application / Business & Account Settings

Single Sign-On for YayPay Development

Please note that the information in this article is intended for YayPay Development purposes only.

If you require assistance with YayPay Production, contact Quadient Support at support@quadient.com. They will help you set up single sign-on in Quadient Hub.


YayPay Development SSO Setup

YayPay supports SSO using SAML 2.0 protocols. 

As examples, this article provides instructions for Microsoft Entra ID and Onelogin. Configuring SSO using other SAML 2.0 providers should be similar.

Other providers are subject to be reviewed prior to implementation. Please, contact support@yaypay.com if using another provider.

Delete

Limitations

  • Only YayPay Admins can create users when SSO is enabled.
  • SSO must be set up for all YayPay subsidiaries that the users have access to.
  • The sales aging link will refer Sales & CS users to the identity provider login page.

Configuring Microsoft Entra ID SSO 

In Microsoft Entra ID, do the following:

  1. Create an enterprise application for YayPay.
    Learn how to do that in Microsoft's documentation on adding an enterprise application to Microsoft Entra ID.
  2. Enable SAML single sign-on for the created application.
    Learn how to do that in Microsoft's documentation on enabling single sign-on.
  3. Use the following values for the Basic SAML Configuration, depending on the environment in which your YayPay instance is running:
    Environment Entity ID Reply URL
    Development (developer.yaypay.com) yaypay-apienv https://developer.yaypay.com/saml/SSO


    Here is an example SAML configuration done for the US development environment:


    Delete

    Note

    If there are multiple YayPay instances / Subsidiaries, all Subsidiaries must be configured with SSO at the same time (if the Subsidiaries are assigned to the YayPay User’s access, found under User Management). If not done at the same time, the user’s selection of Subsidiaries displayed in the drop-down beside their login profile/username will be affected.

  4. Add users or groups as needed to your enterprise application in Microsoft Entra ID.
    Learn how to do that in Microsoft's documentation on assigning users and groups to an application.

In Yaypay, do the following:

  1. Go to the Settings | Business page and navigate to the Single Sign-On block.
  2. Check the Enable Single Sign-On checkbox.
  3. Provide the required SSO data:
    • Federation metadata- Provide the federation metadata in one of the following ways:
      • Download the federation metadata XML file from Microsoft Entra ID and upload it into YayPay:
      • Copy the federation metadata URL from Microsoft Entra ID and paste it into YayPay:
    • SAML certificate - Download the certificate from Microsoft Entra ID and upload it into YayPay:
  4. Finish the SSO configuration by clicking on SAVE CHANGES.
  5. Create YayPay users to match the users you created in Microsoft Entra ID:
    1. Go to the Settings | User Management page.
    2. Create Admins, AR Specialists, or Sales/CS by clicking on the Add User button on the corresponding tab.
    3. Keep in mind that a user's email address must match in both YayPay and Microsoft Entra ID, as that is the key field used for authentication.
  6. Log in to YayPay via SSO:
    1. Go to your Microsoft App Dashboard at https://myapps.microsoft.com/.
    2. Log in to the dashboard as a user that exists both in Microsoft Entra ID and YayPay.
    3. Click on the enterprise application that you have created for YayPay to be redirected to YayPay as a user logged via SSO.
Delete

Note

When single sign-on is enabled, users cannot log in to YayPay from the YayPay Log In screen by using their YayPay credentials.

However, you can allow certain users to log in without SSO. To enable this option, contact your account manager.

Additional information:

For Microsoft Entra ID: https://docs.microsoft.com/en-us/azure/active-directory/develop/single-sign-on-saml-protocol

For Okta: https://help.okta.com/en/prod/Content/Topics/Apps/Apps_Apps.htm?cshid=Applications_Applications#Applications_Applications

Configuring OneLogin SSO

In OneLogin, do the following:

  1. Add a new application (representing YayPay) to your OneLogin account:
    1. Log in to OneLogin as an administrator.
    2. Go to the Applications tab.
    3. Click on the Add App button.
    4. Search for the following application type: SAML Custom Connector (Advanced).
    5. Perform the initial setup and click on the Save button.
  2. Configure the application:
    1. Use the following values for the ConfigurationApplication details settings, depending on the environment in which your YayPay instance is running:

      Development (developer.yaypay.com):
      Setting Value
      Audience (EntityID) yaypay-apienv
      ACS (Consumer) URL Validator ^https:\/\/developer\.yaypay\.com\/saml\/SSO$
      ACS (Consumer) URL https://developer.yaypay.com/saml/SSO
       
    2. Keep the default values for the rest of the Configuration | Application details settings.
    3. Click on the Save button.
  3. Add users or groups as needed to your application in OneLogin.
    Learn how to do that in OneLogin's documentation on manually assigning apps to users.

In YayPay, do the following:

  1. Go to the Settings | Business page and navigate to the Single Sign-On block.
  2. Check the Enable Single Sign-On checkbox.
  3. Provide the required SSO metadata:
    1. Go to the SSO tab of the application that you created in OneLogin.
    2. Copy the value of the Issuer URL field:
    3. Run that URL in your browser to download a metadata XML file.
    4. Upload that metadata XML file into YayPay:
  4. Finish the SSO configuration by clicking on SAVE CHANGES.
  5. Create YayPay users to match the users you created in OneLogin:
    1. Go to the Settings | User Management page.
    2. Create Admins, AR Specialists, or Sales/CS by clicking on the Add User button on the corresponding tab.
    3. Keep in mind that a user's email address must match in both YayPay and OneLogin, as that is the key field used for authentication.
  6. Log in to YayPay via SSO:
    1. Go to your company's OneLogin portal at https://<company>.onelogin.com/portal.
    2. Log in to the portal as a user that exists both in OneLogin and YayPay.
    3. Click on the application that you have created for YayPay to be redirected to YayPay as a user logged via SSO.


Can't find what you need?

Contact our support team support@yaypay.com for help.