Dear Customer,

In order to provision SSO for your AP Automation system there are some activities that have to be provided / confirmed at your end.

First of all here is a description of how our SSO solution operates and what it supports:

• We support SP Initiated SSO only.
• We support SAML 2.0 and WS-* protocols only.
• Our SSO STS system is based upon an ADFS 4.0 system.

In order for us to configure SSO for your system you will first need to:

1. You need to have an SSO system available that supports the above
2. You need to configure an Identity Provider / Claims provider in your system.
   1. Using the meta data found at this URL: https://sso.p2p.basware.com/FederationMetadata/2007-06/FederationMetadata.xml
   2. With a single claim being passed to us as follows
      • Claim name: Name (http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name) 
        • The content of this attribute should be the unique id of the user wishing to log in
   3. Ensure that the Name ID is set to transient
3. NOTE: For the solution to work efficiently, Basware strongly recommends you to configure your cookies in a way that they expire when User closes Session/Browser.

This information should make sense to your IT department.

Once this has completed, please provide us the following:

1. Your systems Federation Meta Data (URL is preferred, for automatic updates of metadata information)
   1. This should be in the form of a URL link, or a xml file
   2. This should contain the Certificate / Key information within it, and the Certificate / Key should not be sent as a separate item
   3. Please inform us if you are using 2 different IdP for Test and Production in your SSO solution, or just a IDP.