Configuring your Identity Provider (IdP) for use with Pitney Bowes Shipping 360 platform Single Sign-On (SSO)

If you are going to use Single Sign-On (SSO) for the Pitney Bowes Shipping 360 platform, you need to configure your Identity Provider (IdP) according to our guidelines.
Products affected: PitneyShip® Pro, PitneyShip® Enterprise, PitneyTrack® Inbound, PitneyAnalytics™, ParcelPoint™ Smart Lockers Locker Management Module

If you are going to use Single Sign-On (SSO) for the Pitney Bowes Shipping 360 platform, you need to configure your Identity Provider (IdP) according to our guidelines.

Single Sign-On (SSO) via OIDC and SAML is supported for all products on the Pitney Bowes Shipping 360 platform. Before engaging with Pitney Bowes to configure SSO, please set up your IdP using the information below.

Our platform supports SSO integration exclusively with the specific Identity Providers listed in our documentation (Federated and OKTA). Integration with other IdPs is not supported at this time.

Configuring your IdP

Use the following values when configuring your IdP:

  • EntityID (US): urn:amazon:cognito:sp:us-east-1_jnFR1tyn8
  • Reply URL: https://sso-us.shipping360.pitneybowes.com/saml2/idpresponse
  • Login URL: https://sendpro360.pitneybowes.com

Providing your Metadata

You will be required to provide Pitney Bowes with a metadata file containing embedded certificate(s).

  • Provide the file after configuring your IdP with the EntityID and URLs in this document.
  • You may provide the file to us via public URL or email attachment.
  • All certificates must be embedded in the metadata.

User Pool Attribute Mapping

The following are the SAML/OIDC Attributes for each User Pool Attribute.

  • UniqueID (Required): Examples: Email address, Employee number, Employee network ID, etc.
  • Email (Required): Email address
  • Given Name (Required): First Name
  • Family Name (Required): Last Name
  • Location (Optional): The user’s location name (case-sensitive)
  • Role (Optional): The user’s assigned role name (case-sensitive)
  • Cost Center (Optional): The user's assigned cost center (case-sensitive)

User Provisioning

Onboarding users in the Shipping 360 platform requires two attributes associated with the user:

  • User Location
  • User Role

Three user provisioning methods are supported:

  • Just In Time (JIT) Provisioning with defined role and location: With this method, administrators configure an SSO connection between the IdP and Service Provider, ensuring that the required Location and Role attributes are present. These attributes can be included in the User Token.
  • Just In Time (JIT) Provisioning with empty role and location: With this method, the user will be assigned to the default location and default role.
  • Manual/Scheduled Import: Importing users is done via the Manage Users screen. This will not directly create users; it will create user mappings and update existing users that have already logged in. Upon first login, the user mapping is disabled and can no longer be edited.

UPDATED: May 24, 2024