SSO GuideAPI Guide

Initial Setup

The purpose of this phase is to establish your client in the Advanced Fraud Solutions UAT portal, configure the initial SSO settings, and begin setup within your IdP. SSO configuration for both TrueChecks and Positive Pay is managed through the main Advanced Fraud Solutions portal.

UAT Portal

AFS will create your client in the UAT environment and set up users with the ClientAdmin or IntegratorAdmin roles required to complete self‑provisioning of SSO.

Once setup is complete, you can begin configuring your SSO:

  1. Login to https://uat-portal.advancedfraudsolutions.com

  2. Select Administration on the main menu

  3. Select Client from the sub menu

  4. Select Single Sign On from the side menu

UAT Configuration

You must provide the following information when setting up a new SSO implementation:

  • Name: Uniquely identifies the SSO configuration

  • Entity ID: Provided by the IdP

  • Sign On URL: Provided by the IdP

  • Certificate Body: Used to sign SAML Responses. It will typically be a long string of random characters starting with something like -----BEGIN CERTIFICATE----- and ending with something like -----END CERTIFICATE-----.

AFS also supports the following optional configurations:

  • Log Out URL: By default, logging out from an AFS portal redirects users back to the AFS login screen. AFS can optionally redirect users to a client-defined static URL after logout.

  • Force SSO: When enabled, users are no longer able to log in using the standard AFS portal login. All login attempts are redirected to the client’s IdP and treated as an SP-initiated SSO attempt.

  • Auto-Provision Users: By default, client administrators manage users in the AFS portal. When automated provisioning is enabled, users can be created dynamically as part of the SSO process using the attributes passed in the SAML assertion. If this option is enabled without Force SSO, users are created with a temporary password and must perform a one-time password reset to access the portal through traditional login.

IdP Configuration

Configure your IdP with the values provided by AFS:

  • SSO Key: Generated by AFS and used in your configuration within the IdP settings

  • Identifier (Entity ID): Should be set to https://uat-portal.advancedfraudsolutions.com

  • Reply URL (Assertion Customer Service URL): Displayed once your SSO is configured in the AFS portal. The format is: https://portal.advancedfraudsolutions.com/SSO/{GUID}
    where {GUID} is your unique SSO Key.

Advanced Fraud Solutions Logo Light Advanced Fraud Solutions Logo Dark

Copyright © 2025 Advanced Fraud Solutions