SAML Authentication
- Updated on 20 May 2024
SAML Authentication involves a user, a service provider, and an identity provider. The steps for SAML Authentication are outlined below:
- The user requests the service provider to authenticate login credentials.
- The service provider sends the request to the identity provider.
- The identity provider authenticates the user and sends the result to the service provider, which verifies it and grants the user access.
It's particularly useful in situations where Single Sign-On (SSO) is desired, allowing users to log in once and gain access to multiple applications without needing to re-authenticate for each one.
Add SAML Authentication
To add a new SAML Configuration, perform the following steps.
- Navigate to Platform Studio > Access Control Center > Add Authentication > SAML.
- Select SAML from the Authentication Types.
Figure: SAML
- Click Add SAML Configuration to add a new instance for Authentication type.
Figure: Add SAML
- Click Next to move to the next screen to enter the configuration details.
Add SAML Authentication
The screen appears as shown below for creating a user under SAML:
Figure: SAML Configuration screen
The table shows the list of general properties for enabling the SAML Configuration.
Field | Description |
--- | --- |
Name | Specify a name for the SAML configuration. |
Logo* | Upload the logo for the SAML configuration: choose the image and click Upload. Note: Logos are added for branding and user recognition purposes, but they are not specified in the SAML protocol. |
SSO type* | Select the type of SSO from the drop-down list: SP initiated (Service Provider) or IDP initiated (Identity Provider). Figure: Type of Authentication |
Redirect URL* | Type the Redirect URL. Figure: Redirect URL |
Response Attribute* | Select one of the attributes based on your configuration. The drop-down values are Email and NT ID. Figure: Response Attribute |
Request Authentication Context* | Select the type of context from the drop-down list: Minimum, Better, None, Maximum, or Exact. This field lists the conditions to match the Request Authentication Context. To create a user, the authentication context must match the authentication method. Minimum: least strict level of authentication required. None: no specific authentication context required. Maximum: highest level of authentication required. Exact: the authentication context must match a particular level exactly. Figure: Request Authentication Context |
ACS URL | Type the configured Assertion Consumer Service URL. Figure: ACS URL |
Entity ID | Type the Entity ID. Figure: Entity ID |
Issuer | Type the Issuer in the Issuer text box. Figure: Issuer. Here, Admin is added under the Issuer field. |
Upload Certificate | Choose the certificate under Upload Certificate and click Upload. Figure: Upload Certificate. You can click Cancel if the wrong file is attached or if you don't wish to upload the certificate after the file is chosen. |
Two Factor Authentication | Select the Two Factor Authentication check box. Figure: Check box. If you select Two Factor Authentication, you can choose the Login Type from the field list. Figure: Enable Two Factor Authentication |
Create User | Select the check box to create a user. Specify the Timezone from the drop-down list. Figure: Timezone. Figure: Timezone list. Select the Roles for the user from the drop-down list. Figure: Roles |
Click Submit to save the SAML Configuration. The SAML is configured successfully.
Figure: SAML configuration
Click Next to navigate to Customize Login Screen for SAML Authentication.
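The ACS URL, Entity ID, Issuer, and Response Attribute fields correspond to values a service provider compares against each incoming SAML response. The following is an added example, not the product's own code, showing those comparisons in Python on a constructed, unsigned response. It assumes the Issuer field identifies the identity provider, the Entity ID is the assertion audience, the attribute is named `Email`, and the signature has already been verified against the uploaded certificate by a SAML library.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed configuration mirroring the table's fields (placeholder values).
CONFIG = {
    "acs_url": "https://sp.example.test/saml/acs",
    "entity_id": "https://sp.example.test/metadata",
    "issuer": "https://idp.example.test/idp",
    "response_attribute": "Email",
}

# Constructed, unsigned sample response. Signature validation against the
# uploaded certificate must succeed before these checks are trusted.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    Destination="https://sp.example.test/saml/acs">
  <saml:Assertion>
    <saml:Issuer>https://idp.example.test/idp</saml:Issuer>
    <saml:Conditions><saml:AudienceRestriction>
      <saml:Audience>https://sp.example.test/metadata</saml:Audience>
    </saml:AudienceRestriction></saml:Conditions>
    <saml:AttributeStatement><saml:Attribute Name="Email">
      <saml:AttributeValue>user@example.test</saml:AttributeValue>
    </saml:Attribute></saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""

def check_response(xml_text, cfg):
    """Return (user_id, problems); user_id is None when any check fails."""
    root = ET.fromstring(xml_text)
    problems = []
    if root.get("Destination") != cfg["acs_url"]:
        problems.append("Destination does not match ACS URL")
    assertions = root.findall("saml:Assertion", NS)
    if len(assertions) != 1:  # extra assertions are a common wrapping trick
        return None, problems + ["expected exactly one Assertion"]
    a = assertions[0]
    if a.findtext("saml:Issuer", namespaces=NS) != cfg["issuer"]:
        problems.append("Assertion Issuer does not match configured Issuer")
    audiences = [e.text for e in a.iterfind(".//saml:Audience", NS)]
    if cfg["entity_id"] not in audiences:
        problems.append("Entity ID not listed as Audience")
    values = [v.text for attr in a.iterfind(".//saml:Attribute", NS)
              if attr.get("Name") == cfg["response_attribute"]
              for v in attr.findall("saml:AttributeValue", NS)]
    if len(values) != 1 or not values[0]:
        problems.append("Response Attribute missing or ambiguous")
    return (values[0] if not problems else None), problems
```

A response that fails any comparison yields no user identifier, so the Create User option would never act on an assertion issued for a different service provider or by a different issuer.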