Complete the following steps before configuring Single Sign-On with your identity provider (idP).

Configuring the domain (DNS)

If you would like to manage your own domain name, resolve to the hostname below using a CNAME: [invotra CNAME endpoint]

Otherwise, Invotra can create a new domain name for your site, e.g. https://customer.invotra.com

Configuring the SSL certificate

To enable TLS for the new domain name, we need to terminate the SSL certificate on our Load balancer in Amazon Web Services (AWS).

We support two of the following options:

Wildcard certificate

If your organisation uses a wildcard certificate for your domain name, please pass its details to a member of our technical team. When you export the SSL certificate and the corresponding key, choose the Apache option. 

Request new certificate

If your organisation has a requirement to create a new SSL certificate, we will need to complete the following steps:

1. You or your technical resource to provide the following details for us to generate a new CSR:

• Country Name (2 letter code)
• State or Province Name (full name)
• Locality Name (e.g. city)
• Organisation Name (e.g. company)
• Organisational Unit Name
• Common Name
• Email Address

2. We will generate the CSR and send to your technical contact

3. Your technical contact will generate a new SSL certificate with the CSR we send using your preferred certificate authority

4. The SSL certificate is sent to Invotra and configured on the AWS Load balancer where SSL is terminated