Follow these steps to set up Shutterstock as an application for Auth0:
Contact your Shutterstock account representative and provide this information:
metadata.xml
file. This file includes:
Shutterstock sets up an identity provider configuration to allow your identity provider to use our SAML offering.
Shutterstock provides a callback URL and other information that you need for your configuration.
The callback URL looks like this example: https://accounts.shutterstock.com/saml/2t35e39b-a281-4q9d-g758-194b52749de5/callback
.
Add an application to Auth0 using that callback URL and this other information:
{ "audience": "https://accounts.shutterstock.com/saml", "mappings": { "email": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress", "name": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name", "id": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier" }, "createUpnClaim": false, "passthroughClaimsWithNoMapping": false, "mapUnknownClaimsAsIs": false, "mapIdentities": false, "nameIdentifierFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", "nameIdentifierProbes": [ "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" ] }
Configure your identity provider to pass the following attributes as part of the SAML assertion that it sends to Shutterstock. If the attributes are not included by default, you may need to add them as custom attributes. Check your identity provider's documentation for information about how to configure the SAML assertion.
email
: The email for the authenticating user accountid
or user_id
: An identifier for the account, usually numeric; this ID must be unique within your identity provider systemname
: A string that contains the authenticating user's first name and last name in the format FirstName LastName
roles
: (Optional) The roles for the user; see Assigning permissions
team
: (Optional) The organization for the user; see Assigning organizations
Now the integration is ready to use.
Now that the federated identity integration is ready, you can test it to make sure that it works. Then you can have your users log in to Shutterstock services through your identity provider.
To verify that the integration is set up correctly or to troubleshoot problems, look at the SAML assertion that your IdP is sending to Shutterstock.
Some IdPs can generate a sample SAML assertion that you can view to verify that the custom attributes appear correctly or to help with debugging. You can also see the SAML assertion by launching the Shutterstock application through the IdP and using a tool such as SAML-tracer.
The SAML assertion should look like the following XML example. Make sure that your SAML assertion is formatted in a similar way.
If you can't log in to Shutterstock through your IdP, send your sample SAML assertion to your Shutterstock account representative with any other information you have on the problem.
<?xml version="1.0" encoding="UTF-8"?> <saml2:Assertion ID="id467897227883162648067369" IssueInstant="2021-03-18T14:58:33.926Z" Version="2.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"> <saml2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">http://www.okta.com/Issuer</saml2:Issuer> <saml2:Subject> <saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">userName</saml2:NameID> <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"> <saml2:SubjectConfirmationData NotOnOrAfter="2021-03-18T15:03:33.930Z" Recipient="https://accounts.shutterstock.com/saml/453663451-3724-4761-828b-bbe31a27c9f7/callback"/> </saml2:SubjectConfirmation> </saml2:Subject> <saml2:Conditions NotBefore="2021-03-18T14:53:33.930Z" NotOnOrAfter="2021-03-18T15:03:33.930Z"> <saml2:AudienceRestriction> <saml2:Audience>https://accounts.shutterstock.com/saml</saml2:Audience> </saml2:AudienceRestriction> </saml2:Conditions> <saml2:AuthnStatement AuthnInstant="2021-03-18T14:58:33.926Z"> <saml2:AuthnContext> <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef> </saml2:AuthnContext> </saml2:AuthnStatement> <saml2:AttributeStatement> <saml2:Attribute Name="email" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"> <saml2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">user.email </saml2:AttributeValue> </saml2:Attribute> <saml2:Attribute Name="roles" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"> <saml2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">user.roles </saml2:AttributeValue> </saml2:Attribute> <saml2:Attribute Name="name" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"> <saml2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">user.email </saml2:AttributeValue> </saml2:Attribute> <saml2:Attribute Name="team" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"> <saml2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">user.team </saml2:AttributeValue> </saml2:Attribute> </saml2:AttributeStatement> </saml2:Assertion>
Vi har mere end 475.000.000 aktiver på Shutterstock.com pr. 30. november 2023.