SAML Authentication
  • 20 May 2024

SAML authentication involves a user, a service provider, and an identity provider. The steps are as follows:

  1. The user asks the service provider to authenticate their login credentials.
  2. The service provider sends the request to the identity provider.
  3. The identity provider authenticates the user and sends the response to the service provider, which verifies it and grants the user access.

SAML is particularly useful where Single Sign-On (SSO) is desired: users log in once and gain access to multiple applications without needing to re-authenticate for each one.

Add SAML Authentication

To add a new SAML Configuration, perform the following steps. 

  1. Navigate to Platform Studio > Access Control Center > Add Authentication > SAML
  2. Select SAML from the Authentication Types.
    Figure: SAML

  3. Click Add SAML Configuration to add a new instance of the authentication type.
    Figure: Add SAML

  4. Click Next to move to the next screen to enter the configuration details.

    Add SAML Authentication

    The screen appears as shown below for creating a user under SAML:

    Figure: SAML Configuration screen 

The table lists the general properties for enabling the SAML configuration. Fields marked with * are shown as on the configuration screen.

Field: Description

Name: Specify a name for the SAML configuration in the Name field.

Logo*: Upload the logo for the SAML configuration here. Choose the image for the logo and click Upload.
    Note: Logos are added for branding and user recognition purposes, but they are not specified in the SAML protocol.

SSO type*: Select the type of SSO from the drop-down: SP initiated (Service Provider) or IDP initiated (Identity Provider).
    Figure: Type of Authentication
    For more details about SP-initiated SSO and IDP-initiated SSO, refer to Service provider (SAML) and Identity provider (SAML).

Redirect URL*: Type the Redirect URL here.
    Figure: Redirect URL

Response Attribute*: Select one of the attributes based on your configuration. The drop-down values under Response Attribute are Email and NT ID.
    Figure: Response Attribute

Request Authentication Context*: Select the type of context from the drop-down list: Minimum, Better, None, Maximum, or Exact. This field lists the conditions to match the Request Authentication Context. To create a user, the authentication context must match the authentication method. The values mean:
      • Minimum: the least strict level of authentication is required.
      • None: no specific authentication context is required.
      • Maximum: the highest level of authentication is required.
      • Exact: the authentication context must match a particular level exactly.
    Figure: Request Authentication Context

ACS URL: Type the configured Assertion Consumer Service URL in the field.
    Figure: ACS URL

Entity ID: Type the Entity ID in the field.
    Figure: Entity ID

Issuer: Add the Issuer by typing it in the Issuer text box.
    Figure: Issuer
    Here Admin is added under the Issuer field.

Upload Certificate: Choose Upload Certificate and click Upload.
    Figure: Upload Certificate
    You can click Cancel if the wrong file is attached or if you don't wish to upload the certificate after the file is chosen.

Two Factor Authentication: Select the check box to enable Two Factor Authentication.
    Figure: Check box
    If you select Two Factor Authentication, you can choose the Login Type from the field list.
    Figure: Enable Two Factor Authentication

Create User: Select the check box to create a user. Specify the Timezone from the drop-down list.
    Figure: Timezone
    Figure: Timezone list
    Select the Roles for the user from the drop-down list.
    Figure: Roles

Click Submit to save the SAML configuration. SAML is configured successfully.

Figure: SAML configuration

Click Next to navigate to Customize Login Screen for SAML Authentication.
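
What the Request Authentication Context setting described in the table means at the protocol level, as an added example that is not the platform's own code: it builds the RequestedAuthnContext element for each drop-down value using the SAML 2.0 Comparison values, and checks on the service-provider side that the context returned in an assertion meets what was requested. The mapping of drop-down values to the Comparison attribute, the strength ordering, and the sample assertion are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
AC = "urn:oasis:names:tc:SAML:2.0:ac:classes:"

# Assumption: SAML leaves relative strength to the deployment; this order
# (weakest first) is a constructed policy, not something the platform defines.
STRENGTH = [AC + "Password", AC + "PasswordProtectedTransport", AC + "TimeSyncToken"]

def requested_authn_context(choice, class_ref):
    """Build <samlp:RequestedAuthnContext> for a drop-down value (assumed mapping); None omits it."""
    comparison = choice.strip().lower()
    if comparison == "none":
        return None
    if comparison not in ("exact", "minimum", "maximum", "better"):
        raise ValueError(f"unsupported comparison: {choice!r}")
    el = ET.Element(f"{{{SAMLP}}}RequestedAuthnContext", {"Comparison": comparison})
    ET.SubElement(el, f"{{{SAML}}}AuthnContextClassRef").text = class_ref
    return el

def returned_class_ref(assertion_xml):
    """Read AuthnContextClassRef from an assertion whose signature was already verified."""
    root = ET.fromstring(assertion_xml)
    node = root.find(f".//{{{SAML}}}AuthnStatement/{{{SAML}}}AuthnContext/{{{SAML}}}AuthnContextClassRef")
    return node.text.strip() if node is not None and node.text else None

def context_satisfies(choice, requested, returned):
    """Service-provider check; 'maximum' is enforced only as 'does not exceed the requested class'."""
    comparison = choice.strip().lower()
    if comparison == "none":
        return True  # nothing was requested, so there is nothing to enforce
    if comparison == "exact":
        return returned == requested
    if requested not in STRENGTH or returned not in STRENGTH:
        return False  # fail closed on classes the policy does not rank
    got, want = STRENGTH.index(returned), STRENGTH.index(requested)
    return {"minimum": got >= want, "better": got > want, "maximum": got <= want}[comparison]

# Constructed sample: the AuthnStatement part of an assertion from an identity provider.
SAMPLE_ASSERTION = f"""<saml:Assertion xmlns:saml="{SAML}">
  <saml:AuthnStatement AuthnInstant="2024-05-20T10:00:00Z"><saml:AuthnContext>
    <saml:AuthnContextClassRef>{AC}Password</saml:AuthnContextClassRef>
  </saml:AuthnContext></saml:AuthnStatement></saml:Assertion>"""

if __name__ == "__main__":
    got = returned_class_ref(SAMPLE_ASSERTION)
    for choice in ("None", "Exact", "Minimum", "Better", "Maximum"):
        print(choice, context_satisfies(choice, AC + "PasswordProtectedTransport", got))
```

The check is only meaningful after the assertion's signature has been verified against the certificate uploaded in the configuration; an unverified AuthnContextClassRef proves nothing about how the user authenticated.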
