SAML Authentication

SAML Authentication involves a user, a service provider, and an identity provider. Below, you'll find the steps outlined for SAML Authentication:

1. The user requests the service provider to authenticate login credentials.
2. The service provider sends it to the identity provider. 
3. The identity provider authenticates and sends it to a service provider who verifies and grants the user access.

It's particularly useful in situations where Single Sign-On (SSO) is desired, allowing users to log in once and gain access to multiple applications without needing to re-authenticate for each one.

Add SAML Authentication

To add a new SAML Configuration, perform the following steps. 

1. Navigate to Platform Studio > Access Control Center > Add Authentication > SAML. 
2. Select SAML from the Authentication Types.
   Figure: SAML
   
   
3. Click Add SAML Configuration to add a new instance for Authentication type.
   Figure: Add SAML
   
   
4. Click Next to move to the next screen to enter the configuration details.
   

   Add SAML Authentication

   The screen appears as shown below for creating a user under SAML:

   

   Figure: SAML Configuration screen 

The table shows the list of general properties for enabling the SAML Configuration.

Field Description

Field	Description
Name	Specify a name for the SAML configuration in the Name field.
Logo*	You can upload the Logo for SAML configuration here. Choose the image for Logo and click the Upload. Note Logos are added for branding and user recognition purposes, but they are not specified in the SAML protocol.
SSO type*	Select the type of SSO: SP initiated (Service Provider), IDP initiated (Identity Provider) on the dropdown option. Figure: Type of Authentication For more details about SP-initiated SSO and IDP-initiated SSO, refer to the Service provider (SAML) and Identity provider (SAML).
Redirect URL*	Type the Redirect URL here. Figure: Redirect URL
Response Attribute*	Select any one of the attributes based on your configuration. The drop-down values under Response Attribute are Email and NT ID. Figure: Response Attribute
Request Authentication Context*	Select the type of context:  Minimum, Better, None, Maximum, or Exact from the drop-down list. This field lists the conditions to match the Request Authentication Context. To create a user, the authentication context must match the authentication method. If it is Minimum: least strict level of authentication required, None: No specific authentication context required, Maximum: Highest level of authentication required, and Exact: Authentication context must match a particular level exactly. Figure: Request Authentication Context
ACS URL	Type the configured Assertion Consumer Service URL under the field. Figure: ACS URL
Entity ID	Type the  Entity ID under the field. Figure: Entity ID
Issuer	Add the Issuer by typing inside the text box of Issuer. Figure: Issuer Here Admin is added under the Issuer field.
Upload Certificate	Choose the Upload Certificate and click Upload. Figure: Upload Certificate You can click Cancel if the wrong file is attached or if you don’t wish to upload the certificate after the file is chosen.
Two Factor Authentication	Enable the check for Two Factor Authentication.Figure: Check box If you click Two Factor Authentication, you can choose the type of Login Type from the field list. Figure: Enable Two Factor Authentication
Create User	Enable the box to create user. Specify the Timezone from the drop-down list. Figure:Timezone Figure: Timezone list Select the Roles for the User from the drop-down list. Figure: Roles

You can click Submit to save the SAML Configuration. The SAML is configured successfully. Figure: SAML configuration

Click Next to navigate to Customize Login Screen for SAML Authentication.