Keep in mind: if you decide to implement SAML, all other login options (Microsoft and Google sign-in, and username and password) will be disabled for everyone on your domain. You will only be able to log in from your IdP.
Tip: If your organization uses Google Workspace or Microsoft 365, using the provider login buttons on our login page is an easier way to log in with SSO, as those will also redirect you to your IdP without any configuration on our end.
Please use the following data when creating the SAML IdP metadata for OnDMARC that you will send to us:
NOTE: Do not add a trailing slash at the end of the URLs. Create them exactly as shown below.
UK Instance (default instance):
If you used this signup link: https://iam.redsift.cloud/signup, you are using the UK instance.
Assertion consumer service URL: https://sso.redsift.cloud/organizations/ondmarc/saml
Identifier / Entity ID (Audience URI): http://app.ondmarc.com
Name ID format: Email address
Response: Signed
Signature Algorithm: RSA-SHA256
Assertion Encryption: Unencrypted
EU Instance:
If you used this signup link: https://iam.eu.redsift.cloud/signup, you are using the EU instance.
Assertion consumer service URL: https://sso.eu.redsift.cloud/organizations/ondmarc/saml
Identifier / Entity ID (Audience URI): http://ondmarc.eu.redsift.cloud
Name ID format: Email address
Response: Signed
Signature Algorithm: RSA-SHA256
Assertion Encryption: Unencrypted
US Instance:
If you used this signup link: https://iam.us.redsift.cloud/signup, you are using the US instance.
Assertion consumer service URL: https://sso.us.redsift.cloud/organizations/ondmarc/saml
Identifier / Entity ID (Audience URI): http://ondmarc.us.redsift.cloud
Name ID format: Email address
Response: Signed
Signature Algorithm: RSA-SHA256
Assertion Encryption: Unencrypted
We do not support SLO (Single Logout).
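As an added example (not Red Sift's own code), this pre-flight check compares a base64-decoded SAML response captured from your IdP against the settings listed above: exact ACS URL, Audience, NameID format, a signature on the Response element, RSA-SHA256, and no encrypted assertion. The function name `check_response`, the sample response and the mapping of "Email address" to the standard SAML 1.1 `emailAddress` URN are assumptions made here; the check inspects structure only and does not verify the signature cryptographically.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
# (ACS URL, Entity ID) per instance, copied from this page.
INSTANCES = {
    "uk": ("https://sso.redsift.cloud/organizations/ondmarc/saml", "http://app.ondmarc.com"),
    "eu": ("https://sso.eu.redsift.cloud/organizations/ondmarc/saml", "http://ondmarc.eu.redsift.cloud"),
    "us": ("https://sso.us.redsift.cloud/organizations/ondmarc/saml", "http://ondmarc.us.redsift.cloud"),
}

def check_response(xml_text, instance):
    """List mismatches between a decoded SAML response and the listed settings."""
    acs, entity_id = INSTANCES[instance]
    root = ET.fromstring(xml_text)
    problems = []
    if root.get("Destination") != acs:  # exact comparison, so a trailing slash fails
        problems.append(f"Destination {root.get('Destination')!r} is not {acs!r}")
    audiences = [a.text.strip() for a in root.iterfind(".//saml:Audience", NS) if a.text]
    if entity_id not in audiences:
        problems.append(f"Audience {audiences} does not include {entity_id!r}")
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_FORMAT:
        problems.append("NameID is missing or its Format is not emailAddress")
    method = root.find("ds:Signature/ds:SignedInfo/ds:SignatureMethod", NS)  # direct child only
    if method is None:
        problems.append("the Response element itself is not signed")
    elif method.get("Algorithm") != RSA_SHA256:
        problems.append(f"signature algorithm is {method.get('Algorithm')!r}")
    if root.find(".//saml:EncryptedAssertion", NS) is not None:
        problems.append("assertion is encrypted; the service expects it unencrypted")
    return problems

# Constructed, trimmed sample (not a real IdP response; signature body omitted).
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Destination="{dest}">
 <ds:Signature><ds:SignedInfo><ds:SignatureMethod Algorithm="{alg}"/></ds:SignedInfo></ds:Signature>
 <saml:Assertion><saml:Subject><saml:NameID Format="{fmt}">admin@example.com</saml:NameID></saml:Subject>
  <saml:Conditions><saml:AudienceRestriction><saml:Audience>{aud}</saml:Audience></saml:AudienceRestriction></saml:Conditions>
 </saml:Assertion></samlp:Response>"""

if __name__ == "__main__":
    acs, aud = INSTANCES["uk"]
    good = SAMPLE.format(dest=acs, aud=aud, alg=RSA_SHA256, fmt=EMAIL_FORMAT)
    print(check_response(good.replace(acs, acs + "/"), "uk"))  # trailing-slash case
```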
Specific answers:
1. Does OnDMARC have metadata? If yes, could you please provide us URL where we can download it?
No
2. Does OnDMARC sign SAML requests? If yes, could you please provide signing certificate?
No
3. Does OnDMARC support Encryption of assertion? If yes, could you please provide encryption certificate?
No
4. Does OnDMARC require any mandatory attributes in SAML assertion?
Yes. We require the 'nameIdentifier' attribute. The format of the 'nameIdentifier' has to be 'EmailAddress'.
5. Does OnDMARC support user provisioning through SAML? If yes, are there any attributes required?
No. We support just-in-time user provisioning only, via an IdP metadata file provided by a user.
6. Does OnDMARC support Relay State in IdP initiated flow? If yes, is it mandatory?
No
7. Does OnDMARC support sha256 signing algorithm?
Yes
IdP Initiated SSO -> Yes
SP Initiated SSO -> No
SLO (Single Logout) -> No
IdP Initiated SLO -> No
SP Initiated SLO -> No
If you need our logo, please use the one below:
https://static.ondmarc.com/marketing/icons/logo-ondmarc-95x95.png