On Journey by Forj, SSO can be configured with the ACGI Association Anywhere AMS Platform.  Once SSO is configured appropriately in a Journey by Forj Community with ACGI, users are able to link from the Community sign-in page to the ACGI login page to authenticate access to the Community.  After successful authentication ACGI, the session is redirected back to the Community and the user is logged in automatically without re-entering any credentials in the Community.

Table of Contents

ACGI Association Anywhere Setup

Setup ACGI Association Anywhere Authentication in Journey by Forj

Map Profile Fields

ACGI Association Anywhere Setup

Work with ACGI to enable the necessary access for Journey by Forj to establish an SSO connection to your instance of Association Anywhere.  ACGI will need the IP addresses leveraged by Journey by Forj which are available upon request and upon completion provide all of the necessary details to establish the connection.

Setup ACGI Association Anywhere Authentication in Journey by Forj

SSO connections are configured on the Authentication page available from the Community Settings accessible by the designated Account Owner. To view the Community Settings, click the Community menu (people icon in the upper right corner) > Select Community settings > Select Authentication.

• Enable Single Sign-on Toggle.
• Select and Expand the ACGI Configuration.
• From the dropdown, Select the Group users should be added to by default upon SSO into the Community.
• Enter the Integrator Username provided by ACGI for the SSO connection.
• Enter the Integrator Password supplied by ACGI for the SSO connection.
• Enter the Base URL for the connected instance of ACGI Association Anywhere.
• Enter the SSA Plugin Name supplied by ACGI for the SSO connection.
• Enter the Login URL VC Parameter supplied by ACGI for the SSO connection.
• If desired, enter a Logout Redirect URL where users should be directed after logout from Journey by Forj.  This can be a logout URL for ACGI to also terminate their session in Association Anywhere, but doesn't have to be.  Default logout behavior is return to the Journey by Forj sign in page.

Map Profile Fields

On top of authenticating users into Journey by Forj, SSO can pre-fill desired Profile information based on information associated with the User in the connected Identity Provider. After selecting the Group users are added to by default upon SSO, it is possible to Map information available through the designated User Info Endpoint to the Registration Fields that have been configured for the selected group.

• Click the Add Mapping button.
• Select the Field to map from the available User Profile Fields.
• Enter the Name of the field coming from the Identity Provider that should fill the selected field.
• Add Mappings until all of the desired fields are mapped.

Note: If there are defined Registration fields that aren't mapped through SSO, users will be presented with the Registration form after SSO on first access to Journey by Forj.

Note: If you wish to map a nested attribute from a repeatable object, you need to use the format {attribute}{index}.{subattribute}.  For example, we are wanting to grab the first postalcode off of the addresses associated with the user: address0.portalcode would be the required mapping.