Explanation
Bank employees (e.g., members of bank product, sales, support, and onboarding teams) will have access to Koxa’s Partner Portal. The Partner Portal includes:
- training and reference materials for the bank team,
- the Koxa enrollment tool, and
- the Koxa support tool, where your support team can submit support tickets to Koxa.
Bank employees access the Partner Portal using single sign-on (SSO).
Your internal IT team will work with Koxa to configure SSO access to Koxa’s Partner Portal. Please share the detailed set-up instructions below with your IT team. Once configuration is complete and validated, access to Koxa’s Partner Portal is managed by your IT team.
Please contact camellia@koxa.io with any questions or requests for additional information.
Instructions
Please provide the following instructions to your IT team:
Koxa Partner SSO IT Set Up and Configuration
SSO access to Koxa’s Partner Portal is provided via IdP-to-IdP SAML Assertion. Koxa’s IdP then provides authentication to the support portal.
This SSO implementation covers Bank employee access to things like support ticketing, Koxa's onboarding application, and documentation. The implementation does not provide/change any access for Bank customers to Koxa services or applications.
Process Overview
Bank meta-data and SAML assertion to Koxa → Koxa configures and sends Koxa meta-data → Bank configures → Bank can validate
- We will collect your meta-data description to configure an SSO integration in our IdP.
- Koxa’s claim requirements are simple: User's first name, last name, and email address (this is used as the primary identifier).
- We need to know how your IdP formats these.
- We also need standard attributes, including your Entity Descriptor that represents the URL of your SSO provider and your public certificate (.pem or similar preferred).
- Please provide an actual SAML assertion from your IdP in addition to your IdP meta-data description.
- Many IdPs provide a standardized meta-data description that does not reflect attributes/claims as they exist in your environment. If you provide only meta-data without a sample assertion, Koxa cannot begin configuration.
- You can use the following tutorial to capture this assertion
- Once you send the above items, Koxa will configure an SSO provider for you.
- Koxa uses details of the partner request to configure our IdP to accept your SAML assertion
- Koxa will reply to your email with a number of details needed to finalize your IdP configuration:
- a unique Entity Descriptor that represents the URL of your SSO provider in Koxa’s IdP
- Koxa’s public certificate (provided as a .pem file)
- instructions for an authorized user to validate SSO access once you have completed configuration with the above details
- Bank will complete set-up in your IdP, then an authorized user at Bank (this can be Annette, or someone from the IT team) can validate access using the instructions provided. If your users cannot access the portal, you can email for assistance.
- Once complete, you may provision your users for Partner Portal access according to program and business requirements.
- Bank can validate.
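
One way for your IT team to check a captured assertion before sending it, as an added example that is not Koxa's tooling: it reports which attribute (or the NameID) carries each of the three claims Koxa requires. The hint strings, issuer and user in the sample are constructed assumptions; the script only reads the XML and does not verify the signature.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Assumed name fragments for the three required claims; adjust to your IdP.
HINTS = {"first_name": ("givenname", "firstname", "first_name"),
         "last_name": ("surname", "lastname", "last_name"),
         "email": ("mail",)}

# Constructed sample response (unsigned, fictional issuer and user).
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion>
 <saml:Issuer>https://idp.bank.example/saml</saml:Issuer>
 <saml:Subject><saml:NameID>jane.doe@bank.example</saml:NameID></saml:Subject>
 <saml:AttributeStatement>
  <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname">
   <saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname">
   <saml:AttributeValue>Doe</saml:AttributeValue></saml:Attribute>
 </saml:AttributeStatement></saml:Assertion></samlp:Response>"""

def load_assertion(captured):
    """Accept raw XML or the base64 SAMLResponse value from an HTTP-POST capture."""
    text = captured.strip()
    if not text.startswith("<"):
        text = base64.b64decode(text).decode("utf-8")
    root = ET.fromstring(text)
    found = root if root.tag == "{%s}Assertion" % NS["saml"] else root.find(".//saml:Assertion", NS)
    if found is None:
        raise ValueError("no plaintext saml:Assertion (encrypted or wrong capture)")
    return found

def _leaf(name):
    # Last segment of a URI- or URN-style attribute name, lowercased.
    return name.rsplit("/", 1)[-1].rsplit(":", 1)[-1].lower()

def locate_claims(captured):
    """Map each required claim to the attribute name (or NameID) that carries it."""
    a = load_assertion(captured)
    names = [x.get("Name", "") for x in a.iterfind("saml:AttributeStatement/saml:Attribute", NS)]
    out = {claim: next((n for n in names if any(h in _leaf(n) for h in hints)), None)
           for claim, hints in HINTS.items()}
    name_id = a.findtext("saml:Subject/saml:NameID", default="", namespaces=NS)
    if out["email"] is None and "@" in name_id:
        out["email"] = "NameID"  # email is sent as the subject, not as an attribute
    return out

if __name__ == "__main__":
    for claim, source in locate_claims(SAMPLE).items():
        print(f"{claim:10} -> {source or 'MISSING'}")
```

A claim reported as MISSING means the assertion, as your IdP actually emits it, does not yet carry that value under a name the hints recognise.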
A few notes:
All users will be granted the same baseline level of portal access (Support and Documentation). Elevated access to (1) submit new Enrollment requests, and/or (2) manage all support tickets for your organization can be requested via Koxa Support.
Existing Bank users should migrate without additional effort, provided the email address they currently use to sign into Koxa support matches the email provided by Bank SSO (if not, we can manually merge). This includes any elevated access already provided for the onboarding application, etc.
Koxa does not have a QA environment available for partner SSO implementation. However, you can test before assigning your users more broadly. Koxa will not remove any existing until the bank is up and running.