The Journyx SaaS application can be configured to provide SAML-based single sign-on (SSO) authentication. Journyx is considered a Service Provider (SP) in SAML terminology. Your portal script functions as the Identity Provider (IdP).

The Journyx setup process is generally described below.

  1. Journyx gives you a few key pieces of information, discussed below: mainly the SSO endpoint URL and the Audience value. Journyx also tells you which attributes to send, mainly 'login' and 'email'.
    a. Your endpoint will be:
    b. Your audience URI will be:

      In the above examples, "<your_journyx_site_name>" would be replaced with the actual name of your Journyx SaaS site.
  2. Your identity management software (e.g. Okta, Azure, PingOne) accepts these values at a configuration screen and produces an XML file called the Identity Provider (IdP) SSO Metadata. Your signing certificate is embedded in this file.
  3. You send the IdP SSO Metadata XML file to us at Journyx, and we install it on our server. This describes you (the Identity Provider) to our server so we know how to validate incoming assertions.
  4. Once we have this file and have installed the necessary SSO tools and configuration on your Journyx site, the SSO connection will be active.

Please note that the creation of the application within your SSO portal and the creation of the metadata file are controlled by you, the customer, and not by Journyx. The procedure varies by identity provider. If you are unfamiliar with registering an application and creating the associated metadata, please contact your IT staff or your identity provider's support.

Before you begin, please note that the 'login' value must exactly match the corresponding 'User Login' field in Journyx; this is case-sensitive and must uniquely identify each user. This can be different from what the user actually types to sign in on your side, as long as you can extract/obtain the correct value to match the information in Journyx.

Okta: Setting up a SAML Application in Okta

Azure: Configuring single sign-on to applications that are not in the Azure Active Directory application gallery

PingOne: Export Metadata for Service Provider Configuration