Configuring your Identity Provider (IdP) for use with Pitney Bowes PitneyShip Pro, PitneyTrack Inbound, PitneyAnalytics, and the Locker Management Module Single Sign-On (SSO)
If you are going to use Single Sign-On (SSO) for the Pitney Bowes PitneyShip Pro, PitneyTrack Inbound, and the Locker Management Module, you need to configure your Identity Provider (IdP) according to our guidelines.
Single Sign-On (SSO) via OIDC and SAML is supported for all products on the Pitney Bowes PitneyShip Pro, PitneyTrack Inbound, and the Locker Management Module. Before engaging with Pitney Bowes to configure SSO, please set up your IdP using the information below.
Our platform supports SSO integration exclusively with the specific Identity Providers listed in our documentation (Federated and Okta). Integration with other IdPs is not supported at this time.
Configuring your IdP
Use the following values when configuring your IdP:
US
- EntityID: urn:amazon:cognito:sp:us-east-1_jnFR1tyn8
- Reply URL: https://sso-us.shipping360.pitneybowes.com/saml2/idpresponse
- Login URL: https://sendpro360.pitneybowes.com
Canada
- EntityID: urn:amazon:cognito:sp:ca-central-1_CTEzvam32
- Reply URL: https://sso-ca.shipping360.pitneybowes.com/saml2/idpresponse
- Login URL: https://app-ca.shipping360.pitneybowes.com
Australia
- EntityID: urn:amazon:cognito:sp:ap-southeast-2_C4Wic7nre
- Reply URL: https://sso-au.shipping360.pitneybowes.com/saml2/idpresponse
- Login URL: https://app-au.shipping360.pitneybowes.com
United Kingdom
- EntityID: urn:amazon:cognito:sp:eu-west-2_RZxaFRoQr
- Reply URL: https://sso-uk.shipping360.pitneybowes.com/saml2/idpresponse
- Login URL: https://app-uk.shipping360.pitneybowes.com
Ireland
- EntityID: urn:amazon:cognito:sp:eu-west-1_LB3pus05E
- Reply URL: https://sso-global.shipping360.pitneybowes.com/saml2/idpresponse
Providing your Metadata
You will be required to provide Pitney Bowes with a metadata file containing embedded certificate(s).
- Provide the file after configuring your IdP with the EntityID and URLs in this document.
- You may provide the file to us via public URL or email attachment.
- All certificates must be embedded in the metadata.
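A pre-submission check for the embedded-certificate requirement above, as an added example that is not Pitney Bowes code: it confirms that every IdP KeyDescriptor in the metadata carries an inline X509Certificate and that at least one of them is usable for signing. The function name, the sample metadata (example.com names) and the placeholder certificate bytes are constructed for illustration; the DER test is a structural sanity check, not certificate validation.

```python
import base64
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"

def check_idp_metadata(xml_text):
    """Return a list of problems; an empty list means the file passed."""
    problems = []
    root = ET.fromstring(xml_text)
    # iter() also matches the root, so bare and wrapped descriptors both work.
    idps = [e for e in root.iter(f"{{{MD}}}EntityDescriptor")
            if e.find(f"{{{MD}}}IDPSSODescriptor") is not None]
    if not idps:
        return ["no EntityDescriptor with an IDPSSODescriptor"]
    for entity in idps:
        name = entity.get("entityID") or "<missing entityID>"
        idp = entity.find(f"{{{MD}}}IDPSSODescriptor")
        if idp.find(f"{{{MD}}}SingleSignOnService") is None:
            problems.append(f"{name}: no SingleSignOnService endpoint")
        signing_ok = False
        for kd in idp.findall(f"{{{MD}}}KeyDescriptor"):
            use = kd.get("use", "signing+encryption")  # absent use = both
            cert = kd.find(f".//{{{DS}}}X509Certificate")
            if cert is None or not (cert.text or "").strip():
                problems.append(f"{name}: KeyDescriptor ({use}) has no embedded X509Certificate")
                continue
            try:
                der = base64.b64decode("".join(cert.text.split()), validate=True)
            except ValueError:
                der = b""  # not base64 at all
            if not der.startswith(b"\x30"):  # DER certificates open with a SEQUENCE tag
                problems.append(f"{name}: X509Certificate is not base64-encoded DER")
            elif "signing" in use:
                signing_ok = True
        if not signing_ok:
            problems.append(f"{name}: no usable signing certificate")
    return problems

# Constructed sample: placeholder bytes, not a real certificate.
FAKE_CERT = base64.b64encode(b"\x30\x82\x00\x10" + bytes(16)).decode()
SAMPLE = f"""<EntityDescriptor xmlns="{MD}" entityID="https://idp.example.com/saml">
<IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<KeyDescriptor use="signing"><KeyInfo xmlns="{DS}"><X509Data>
<X509Certificate>{FAKE_CERT}</X509Certificate></X509Data></KeyInfo></KeyDescriptor>
<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
 Location="https://idp.example.com/sso"/></IDPSSODescriptor></EntityDescriptor>"""
if __name__ == "__main__":
    print(check_idp_metadata(SAMPLE) or "metadata OK")
```

A KeyDescriptor that holds only a key name or an external reference is reported as not embedded, which is the case the requirement above rules out.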
User Pool Attribute Mapping
The following are the SAML/OIDC Attributes for each User Pool Attribute.
- UniqueID (Required): Examples: Email address, Employee number, Employee network ID, etc.
- Email (Required): Email address
- Given Name (Required): First Name
- Family Name (Required): Last Name
- Location (Optional): The user’s location name (case-sensitive)
- Role (Optional): The user’s assigned role name (case-sensitive)
- Cost Center (Optional): The user's assigned cost center (case-sensitive)
User Provisioning
Onboarding users in the PitneyShip Pro, PitneyTrack Inbound, and the Locker Management Module requires two attributes associated with the user:
- User Location
- User Role
Three user provisioning methods are supported:
- Just In Time (JIT) Provisioning with defined role and location: With this method, administrators configure an SSO connection between the IdP and Service Provider, ensuring that the required Location and Role attributes are present. These attributes can be included in the User Token.
- Just In Time (JIT) Provisioning with empty role and location: With this method, the user will be assigned to the default location and default role.
- Manual/Scheduled Import: Importing users is done via the Manage Users screen. This will not directly create users; it will create user mappings and update existing users that have already logged in. Upon first login, the user mapping is disabled and can no longer be edited.
UPDATED: 11 July 2024