Authentication Types - SAML
Use this subform to configure the SAML authentication type.
Note
With the SAML authentication type enabled, all deep-links will attempt to validate against the SAML service, potentially redirecting the user to a SAML identity provider (IdP) login screen. All users should log in to the top-level Web FQDN and only use deep-links after logging in.
See Configuring External Authentication Types in Unified Assurance Security Guide for information about configuring external authentication types, including using multiple instances and supporting transient users.
Form Fields
- Protocol: The protocol that the authentication type instance uses.
- Name: The name of the authentication type instance. Use this to differentiate between instances.
- Status: The status of the authentication type instance.
- Transient User Login: Select this to expand fields relevant to transient users. See About Transient Users in Unified Assurance Security Guide for information about transient users.
  - Domain: The SAML server domain to use for transient SAML users.
  - Group Attribute: The attribute in the SAML response to look for user groups in. This varies by IdP. For example, it could be member, eduPersonAffiliation, or any other string.
- Settings (Identity Provider):
  - Entity ID: The unique identifier for your SAML-enabled IdP.
  - Single SignOn Service: The endpoint on your IdP that receives authentication requests, processes them, and returns the authenticated user.
  - Single Logout Service: The endpoint on your IdP that receives logout requests and sends logout responses.
  - Certificate: The certificate data.
  - NameID Format: The expected format of the name ID element of the SAML response. This must match the username in Unified Assurance.
- Settings (Service Provider for Internal Presentation): These fields are read-only in Unified Assurance. They are populated as you enter the IdP information. You provide them to your SAML administrator to configure in your IdP.
  - Entity ID: The unique identifier for your SAML-enabled service provider (SP).
  - Assertion Consumer Service: The endpoint for the IdP to send an authenticated user.
  - Single Logout Service: The endpoint on the SP to send logout requests.
  - Certificate: The certificate data.
- Settings (Service Provider for External Presentation): These fields are read-only in Unified Assurance. They are populated if you are using an external presentation server as you enter the IdP information. You provide them to your SAML administrator to configure in your IdP.
  - Entity ID: The unique identifier for your SAML-enabled SP.
  - Assertion Consumer Service: The endpoint for the IdP to send an authenticated user.
  - Single Logout Service: The endpoint on the SP to send logout requests.
  - Certificate: The certificate data.
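The Group Attribute and NameID Format fields have to match what your IdP actually sends. The following Python sketch is an added example, not part of Unified Assurance or its documentation: it inspects a decoded SAML response and reports the NameID, its Format, and which attributes carry a group name you expect. The sample response, the user and group names, and the function name `inspect_response` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: a decoded SAML response with the signature omitted.
# The user, attribute values and group names are made up for this example.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">jdoe@example.com</saml:NameID>
    </saml:Subject>
    <saml:AttributeStatement>
      <saml:Attribute Name="eduPersonAffiliation">
        <saml:AttributeValue>staff</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="member">
        <saml:AttributeValue>noc-operators</saml:AttributeValue>
        <saml:AttributeValue>administrators</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


def inspect_response(xml_text, known_groups):
    """Report NameID details and the attributes that contain a known group."""
    # Inspection aid for choosing field values only: this does not verify the
    # response signature or conditions and does not read encrypted assertions.
    root = ET.fromstring(xml_text)
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    attributes = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text.strip() for v in attr.iterfind("saml:AttributeValue", NS) if v.text]
        attributes.setdefault(attr.get("Name"), []).extend(values)
    wanted = set(known_groups)
    candidates = sorted(n for n, vals in attributes.items() if wanted & set(vals))
    return {
        "name_id": name_id.text.strip() if name_id is not None and name_id.text else None,
        "name_id_format": name_id.get("Format") if name_id is not None else None,
        "attributes": attributes,
        "group_attribute_candidates": candidates,
    }


if __name__ == "__main__":
    report = inspect_response(SAMPLE_RESPONSE, ["administrators"])
    print("NameID:", report["name_id"], "| Format:", report["name_id_format"])
    print("Group Attribute candidates:", report["group_attribute_candidates"])
```

A `name_id_format` of `None` means the IdP sent no Format attribute on the NameID element, and an empty candidate list means none of the released attributes contains the groups you expected.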