Single Sign On for retailers

CitrusAd's SSO integration allows direct connection to a retailer's IDP via SAML 2.0. You will be able to provide users the ability to log in via SSO, authenticated via your IDP.

🚧

Retailer SSO Only

As a multi-tenant platform that enables advertisers to access multiple retailer platforms, our capability is best suited to retailers looking to enforce SSO for staff.

We do not enable delegated authority of a user's lifecycle, as this can impact other retailer platforms.

Scope of capability

CitrusAd allows your IDP to authenticate whether a user has access to your CitrusAd portal. This is configured on a per-namespace basis.

📘

As CitrusAd is a globally connected multi-tenant platform, advertisers will still need to log in directly via the login module. Advertisers will still need to be invited to your platform to gain access, even if they are able to access other retailer platforms.

User experience

When users log into your portal, they will see a “Login with SSO” button in your login module if you are connected via SAML.

If you are connected via a Google or Microsoft IDP, it will display the relevant IDP’s button on the login module.

If you want a unique retailer and advertiser SSO, this is possible too. This would be two IDP connections and two buttons in the interface.

Integration requirements

IDP integration

To integrate, CitrusAd requires the below from your IDP:

• Entity ID
• SSO URL
• IDP signature certificate

CitrusAd will also configure the below information on the CitrusAd side and share it with you:

• Entity ID (audience URI)
• Base URL
• ACS URL

These will be provided by your technical account manager.

Mapping attributes

Attributes on the CitrusAd configuration are as below:

• primary email
• firstName
• lastName
• email

You may need to configure mappings in your IDP accordingly.
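
The three IDP values listed under "IDP integration" and the names under "Mapping attributes" can be checked on your side before they are handed over. The following is an added example, not CitrusAd code: it reads the Entity ID, SSO URL and signing certificate from IDP metadata XML and reports which required attributes a test assertion lacks. It assumes the attribute names listed above are the literal SAML Attribute Name values; the hostnames, certificate strings and sample documents are constructed.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Names as listed on this page; assumed to be the literal SAML Attribute Name values.
REQUIRED_ATTRIBUTES = ("primary email", "firstName", "lastName", "email")

# Constructed sample metadata; both certificates are placeholders, not real keys.
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.retailer.example/saml">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="encryption"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>RU5DLVBMQUNFSE9MREVS</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>U0lHTi1QTEFD
        RUhPTERFUg==</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://idp.retailer.example/saml/sso"/>
  </md:IDPSSODescriptor></md:EntityDescriptor>"""
# Constructed sample assertion fragment: lastName is absent and email has an empty value.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:AttributeStatement>
  <saml:Attribute Name="primary email"><saml:AttributeValue>a.buyer@retailer.example</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="firstName"><saml:AttributeValue>Ada</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="email"><saml:AttributeValue></saml:AttributeValue></saml:Attribute>
</saml:AttributeStatement></saml:Assertion>"""

def idp_values(metadata_xml):
    """Return the Entity ID, SSO URL and signing certificate(s) from IDP metadata."""
    root = ET.fromstring(metadata_xml)  # expects a single EntityDescriptor you exported yourself
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("metadata has no IDPSSODescriptor")
    sso = idp.find("md:SingleSignOnService", NS)
    # A KeyDescriptor with no "use" attribute covers signing as well as encryption.
    certs = [kd.findtext("ds:KeyInfo/ds:X509Data/ds:X509Certificate", "", NS)
             for kd in idp.findall("md:KeyDescriptor", NS) if kd.get("use") in (None, "signing")]
    certs = ["".join(c.split()) for c in certs if c.strip()]  # drop line wrapping
    if sso is None or not certs:
        raise ValueError("metadata lacks an SSO URL or a signing certificate")
    return {"entity_id": root.get("entityID"), "sso_url": sso.get("Location"), "signing_certs": certs}

def missing_attributes(assertion_xml):
    """Return required attribute names that are absent or carry only empty values."""
    sent = set()
    for attr in ET.fromstring(assertion_xml).iter("{%s}Attribute" % NS["saml"]):
        if any((v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS)):
            sent.add(attr.get("Name"))
    return [name for name in REQUIRED_ATTRIBUTES if name not in sent]

if __name__ == "__main__":
    print(idp_values(SAMPLE_METADATA), missing_attributes(SAMPLE_ASSERTION))
```

The encryption key in the sample is skipped on purpose: only the certificate the IDP signs with belongs in the values you send.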