To integrate SAML SSO with our application, you will need to configure settings on both the Identity Provider (IdP) side and within our application. Follow the steps below to ensure a smooth setup process.
Identity Provider Configuration
As a tenant, you will need to create and configure a SAML Identity Provider (IdP). The specific steps may vary depending on the IdP service you are using, but the general requirements are as follows:
-
Entity ID: Set the Entity ID (also known as the Issuer URL) to
https://{tenant-domain}/Saml2. This uniquely identifies your IdP within our application. -
Assertion Consumer Service (ACS) URL: Set the ACS URL to
https://{tenant-domain}/Saml2/Acs. This is the endpoint in our application where the SAML assertions are sent. -
App Federation Metadata URL: Obtain the App Federation Metadata URL from your IdP. This URL provides our application with the necessary metadata to establish a trust relationship with the IdP.
- Attributes and Claims: Specifically, the user's email should be present in one of these two claim URIs:
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddressorhttp://schemas.xmlsoap.org/ws/2005/05/identity/claims/name. This ensures accurate user identification and authentication in our system.
Once you have configured your IdP with the above settings, ensure that you save or note down the Identity Provider Identifier and the App Federation Metadata URL as you will need them for the configuration within our application.
Application Configuration
After setting up your IdP, you need to configure our application to work with your SAML SSO setup.
-
Log in to our application and navigate to Administration > Portal > Security.
-
Locate and enable the Enable SAML2 Single Sign-On checkbox. Upon enabling, you will see three new input fields.
-
Fill in the following details:
- Identity Provider Identifier: Enter the Idp Identifier you set up in your IdP configuration.
- Metadata URL: Enter the App Federation Metadata URL provided by your IdP.
- SAML Login Button Text: Enter the text that you want to appear on the SAML login button. This text will guide users to initiate the SSO process.
-
Save your settings. Our application will now attempt to retrieve and process the metadata from the provided Metadata URL to finalize the SSO integration.
-
Test the SSO integration by navigating to the login page and clicking on the SAML login button. You should be redirected to your IdP for authentication.
Troubleshooting
If you encounter any issues during the setup or testing phases, please check the following:
- Ensure that the Entity ID and Metadata URL are correctly entered and match the information from your IdP.
- Verify that the Metadata URL is accessible from our application's server.
- Confirm that the time on your IdP server and our application server are synchronized.
- Check the IdP logs for any SAML-related errors.
For further assistance, please contact our support team with detailed information about the issue you are facing.