Watermark Navigator Technical Specifications

Introduction to Navigator

Watermark Navigator allows users* to toggle between multiple Watermark Solutions. For SAML
setups, the Institution will authenticate using a campus email domain, so it’s important to make
sure that user accounts are using a consistent email address handle.

For advanced authentication, Navigator can be configured to support SAML SSO. It supports
SP-initiated SSO and JIT (Just In Time) Provisioning, the protocol that is widely considered to be
the industry preferred method of single sign on. When SAML setup is complete, Institution's IT
Representatives will help us set up a redirect to their campus portal from a login URL that looks
like this -  https://login.watermarkinsights.com/connect/clientconnectionname

*Students will not access Watermark Solutions via Watermark Navigator


Watermark Navigator SSO Setup Process

1. Institution's IT Representative is asked to complete the setup form - we will require the
metadata and x509 certificate from your IdP

  • We need the following claims - Firstname, Lastname and Email address
  • Along with the above - NameID mapped to email address

2. Watermark Engineering Services will configure our Service Provider (Auth0), and provide
you with the metadata.
3. Institution's IT Representative will then apply the metadata to their IdP
4. We will then ask the Institution's IT Representative to test the SAML connection -
Watermark Engineering Services may request a zoom meeting to complete this step.
A test account may be required to troubleshoot.



Design Flow - Once the above steps are in place.

  •  Stage 1: The user is successfully redirected to an identity provider (IdP) and is able to login
  •  Stage 2: After login with the IdP, the user returns to Auth0 with a successful login event
  • Stage 3: After a successful login event in Auth0, the user profile in Auth0 is verified.
  • Stage 4: The user successfully redirects back to application and is able to access the

If any of the above stages fail, Engineering Services will troubleshoot with the Institution's IT Representative and a test account may be required.

On completion of Stage 1-4, please use the test account to test the connection. A successful log in
for the Test User would yield one of two outcomes:

a. Successful login and access to the platform. This means SAML is on for the
platform and the Test User has a real account that can be accessed
b. A message that says “We weren’t expecting you.” This means that SAML is working
for the client, but the Test Account is not a real account that can be accessed


Please fill out the form linked below if you are interested in setting up SSO through Watermark Navigator. You can expect a Watermark Project Manager to contact you within 5 business days of completing the form.

Watermark Navigator Configuration Request Form


Was this article helpful?
0 out of 0 found this helpful

Articles in this section

How to Contact Support
Click the "Submit A Request" button at the top right or bottom of the screen to create a case.
Watermark Academy
Click to access the Watermark Academy for free webinars, workshops, certifications, and free on-demand training