Configuring your Identity Provider (IdP) for use with Pitney Bowes Shipping 360 platform Single Sign-On (SSO)

If you are going to use Single Sign-On (SSO) for the Pitney Bowes PitneyShip Pro, PitneyTrack Asset, PitneyTrack Inbound, PitneyAnalytics, and the Locker Management Module, you need to configure your Identity Provider (IdP) according to our guidelines.

Single Sign-On (SSO) via OIDC and SAML is supported for all products on the Pitney Bowes PitneyShip Pro, PitneyTrack Asset, PitneyTrack Inbound, PitneyAnalytics, and the Locker Management Module. Before engaging with Pitney Bowes to configure SSO, please set up your IdP using the information below.

• Configuring your IdP
• Providing your Metadata
• User Pool Attribute Mapping
• User Provisioning

Configuring your IdP

Use the following values when configuring your IdP:

US

• EntityID (US): urn:amazon:cognito:sp:us-east-1_jnFR1tyn8
• Reply URL: https://sso-us.shipping360.pitneybowes.com/saml2/idpresponse
• Login URL: https://sendpro360.pitneybowes.com

Canada

• EntityID: urn:amazon:cognito:sp:ca-central-1_CTEzvam32
• Reply URL: https://sso-ca.shipping360.pitneybowes.com/saml2/idpresponse
• Login URL: https://app-ca.shipping360.pitneybowes.com

Australia

• EntityID: urn:amazon:cognito:sp:ap-southeast-2_C4Wic7nre
• Reply URL: https://sso-au.shipping360.pitneybowes.com/saml2/idpresponse
• Login URL: https://app-au.shipping360.pitneybowes.com

United Kingdom

• EntityID: urn:amazon:cognito:sp:eu-west-2_RZxaFRoQr
• Reply URL: https://sso-uk.shipping360.pitneybowes.com/saml2/idpresponse
• Login URL: https://app-uk.shipping360.pitneybowes.com

Ireland

• EntityID: urn:amazon:cognito:sp:eu-west-1_LB3pus05E
• Reply URL: https://sso-global.shipping360.pitneybowes.com/saml2/idpresponse
• URL: https://app-global.shipping360.pitneybowes.com

Providing your Metadata

You will be required to provide Pitney Bowes with a metadata file containing embedded certificate(s).

• Provide the file after configuring your IdP with the EntityID and URLs in this document.
• You may provide the file to us via public URL or email attachment.
• All certificates must be embedded in the metadata.
• If you need to make configuration changes or update your metadata, sign in to your account and create a technical support case.

User Pool Attribute Mapping

The following are the SAML/OIDC Attributes for each User Pool Attribute.

• UniqueID (Required): Examples: Email address, Employee number, Employee network ID, etc.
• Email (Required): Email address
• Given Name (Required): First Name
• Family Name (Required): Last Name
• Location (Optional): The user’s location name (case-sensitive)
• Role (Optional): The user’s assigned role name (case-sensitive)
• Cost Center (Optional): The user's assigned cost center (case-sensitive)

User Provisioning

Onboarding users in the PitneyShip Pro, PitneyTrack Asset, PitneyTrack Inbound, PitneyAnalytics, and the Locker Management Module requires two attributes associated with the user:

• User Location
• User Role

Three user provisioning methods are supported:

• Just In Time (JIT) Provisioning with defined role and location: With this method, administrators configure an SSO connection between the IdP and Service Provider, ensuring that the required Location and Role attributes are present. These attributes can be included in the User Token.
• Just In Time (JIT) Provisioning with empty role and location: With this method, the user will be assigned to the default location and default role.
• Manual/Scheduled Import: Importing users is done via the Manage Users screen. This will not directly create users; it will create user mappings and update existing users that have already logged in. Upon first login, the user mapping is disabled and can no longer be edited.

The features and options you see may vary depending upon your role and subscription. If you have any questions regarding your permissions, please contact your administrator.