
Setting up SAML Single Sign-on (SSO)

Instructions for creating a SAML Single Sign-on (SSO) App for use with the Made With Intent Platform

Written by Geoff Viljoen
Updated over 2 weeks ago

Introduction

If you use a private identity provider (IdP) such as Okta, Microsoft Entra ID, Google Workspace or any other SAML-compliant system to manage your users, the following instructions will allow you to integrate your user directory with the Made With Intent Platform.

Due to CSRF security considerations, the Made With Intent platform only supports SP-initiated authentication. This means that it is not possible to initiate authentication within your identity provider and redirect to the Made With Intent Platform. If you make use of a portal to direct your users to the applications they have access to, a bookmark will need to be used instead of IdP-initiated authentication.

Getting Started

To get started, let us know that you would like to enable SSO. The process requires configuration both within your system and within the Made With Intent Platform.

In general, setting up an integration consists of finding an “Applications” area within an IdP’s directory administration area and adding an application. For most SAML-compliant systems the same or similar values can be configured although labels in your chosen system may differ.

As an example of the configuration necessary, the steps below describe how to set up an application within the Okta platform.

Setting up with Okta

  1. Log into Okta administration

  2. Navigate to “Applications” → “Applications”

  3. Click “Create App Integration”

  4. In the modal choose “SAML 2.0”

  5. General Settings

    1. App name: Made With Intent Platform

    2. App logo: If you would like to use a logo, see the logos section at the end of this article

    3. App visibility: Check “Do not display application to users”

  6. Configure SAML → SAML Settings → General

    1. Single sign-on URL: https://madewithintent.auth.eu-west-2.amazoncognito.com/saml2/idpresponse

    2. Audience URI (SP Entity ID): urn:amazon:cognito:sp:eu-west-2_IpQAAhyQW

    3. Name ID format: EmailAddress

    4. Application username: Email

  7. Configure SAML → SAML Settings → Attribute Statements (Optional)

    1. (Name) → (Name format) → (Value)

    2. email → Basic → user.email

    3. name → Basic → user.firstName

  8. Complete the process and navigate to the “Sign On” tab

  9. Under “Metadata details” click the button to make a copy of the Metadata URL

  10. Share the Metadata URL with your Made With Intent representative

By default, no users are granted access to your newly created Application. To allow users to log in to the Made With Intent Platform, navigate to the "Assignments" tab and assign users (or groups) to the Application.

General guidance for other providers

  • The application must use SAML.

  • The application should not be shown to the users (i.e. IdP-initiated authentication is not supported).

  • The sign-on URL must be set to https://madewithintent.auth.eu-west-2.amazoncognito.com/saml2/idpresponse

  • The Audience URI should be set to urn:amazon:cognito:sp:eu-west-2_IpQAAhyQW

  • The username & ID format should be email address.

  • Two attribute mappings are required:

    • The user's email address should be mapped to the email attribute

    • The user's chosen name should be mapped to the name attribute

  • A metadata URL or file should be the output of the setup process and should be shared with a Made With Intent representative to complete the process. If supported by your platform, it is preferable to use a metadata URL.

  • Ensure that users have been assigned to the application.
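Before sharing the metadata, you can check a decoded test SAML response from your IdP against the settings listed above. The following Python sketch is an added example, not code from Made With Intent or Okta: the sample XML is constructed, `check_response` is a hypothetical helper, and it only compares configuration values (it does not verify the XML signature, which the service provider does).

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
ACS_URL = "https://madewithintent.auth.eu-west-2.amazoncognito.com/saml2/idpresponse"
AUDIENCE = "urn:amazon:cognito:sp:eu-west-2_IpQAAhyQW"
# SAML URI behind the "EmailAddress" Name ID format
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

# Constructed sample response (not captured from a real IdP); signature omitted.
SAMPLE = f"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    Destination="{ACS_URL}" InResponseTo="_example-request-id">
  <saml:Assertion>
    <saml:Subject>
      <saml:NameID Format="{EMAIL_FORMAT}">alex@example.com</saml:NameID>
    </saml:Subject>
    <saml:Conditions><saml:AudienceRestriction>
      <saml:Audience>{AUDIENCE}</saml:Audience>
    </saml:AudienceRestriction></saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="email"><saml:AttributeValue>alex@example.com</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="name"><saml:AttributeValue>Alex</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""

def check_response(xml_text):
    """Return a list of mismatches against the settings in this article."""
    # Intended for a test response you generated yourself, not untrusted input.
    root = ET.fromstring(xml_text)
    problems = []
    if root.get("Destination") != ACS_URL:
        problems.append("Destination is not the single sign-on URL")
    if not root.get("InResponseTo"):
        problems.append("no InResponseTo: looks IdP-initiated, which is unsupported")
    audiences = [a.text.strip() for a in root.iterfind(".//saml:Audience", NS) if a.text]
    if AUDIENCE not in audiences:
        problems.append("Audience URI (SP Entity ID) missing or wrong")
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_FORMAT:
        problems.append("NameID format is not EmailAddress")
    attrs = {a.get("Name") for a in root.iterfind(".//saml:Attribute", NS)}
    for required in ("email", "name"):
        if required not in attrs:
            problems.append(f"attribute '{required}' is not mapped")
    return problems

if __name__ == "__main__":
    print(check_response(SAMPLE) or "response matches the documented settings")
```

An empty list means the response carries the sign-on URL, Audience URI, Name ID format and both attribute mappings described in this article.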

Completing the setup process

Once we have received a SAML SSO Metadata URL or file, we will complete the necessary steps required for adding your identity provider to the Made With Intent platform. Upon completing this process, we will supply a URL that can be used within your portal to direct users to the Made With Intent platform.

Logos

The following logos may be used within your platform to identify the application:

White Intent Logo

Black Intent Logo

White X Logo

Black X Logo
