Configuring Generic SAML Single Sign-On
The following procedures describe in general terms how to configure a typical SAML-compliant IDP as
a single-sign-on provider for Securiti. Use these instructions if we don't have specific instructions for
your IDP in Configuring single sign-on[../configuring-single-sign-on.html].
In Securiti, you record the Service Provider (SP) metadata URL and Assertion Consumer Service
(ACS) URL. You use these later when you configure the single sign-on service to work with Securiti.
2 On the Single Sign-On page, record the following information to use later:
SP Metadata URL
ACS Url
You configure your single sign-on service with the Securiti URLs you obtained earlier. You also
configure correlations between attributes and claim fields.
Setting (may be labeled any of the following): Audience URI, Client ID, Federation Metadata, Identifier (Entity ID)
Value: Enter the SP Metadata URL you recorded in Securiti
US cloud: 9r-9AgXLW5VIenW2VUts5kRcB0-lCJ1bC-FQ2R4_KJMeZ_oOTVHAvQ==
EU cloud: aloaoPtqQ2mKDYQVGUrcL-SorEWxhJsITcjUcjsVx5-EpMWFaWK3fQ==
Setting (may be labeled any of the following): Encrypt assertion, Assertion Encryption
Value: Off / Unencrypted
4 For the new application or integration, configure the following mandatory attribute mappings
that Securiti requires from the IDP:
Given-Name: first_name, user.firstName, firstname, First Name X500 givenName, givenname, user.givenname
Surname: last_name, user.lastName, lastname, Last Name X500 surname, surname, user.surname
User-Principal-Name: email, user.email, emailaddress, Email X500 email, useremail, user.mail
5 Proceed to 3. Obtain identity provider metadata[configuring-generic-saml-single-sign-on.html#UUID-c335252b-261c-bb4f-c134-e461db7e48ca_section-idm232258142536803].
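A preflight check for the settings above, as an added example that is not part of the original page or Securiti's own code: it inspects a base64-decoded SAML response captured from a test login and reports a wrong audience, an encrypted assertion, or missing mandatory attributes. It assumes the IDP sends the attributes under the names Given-Name, Surname and User-Principal-Name; the URLs and the sample response are constructed placeholders.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Assumption: the IDP sends the mandatory attributes under exactly these names.
REQUIRED = ("Given-Name", "Surname", "User-Principal-Name")
# Constructed sample values; use the URLs recorded on the Single Sign-On page.
SP_METADATA_URL = "https://sp.example.test/saml/metadata"
ACS_URL = "https://sp.example.test/saml/acs"
# Constructed response (signature omitted); Surname is deliberately missing.
SAMPLE = f"""<samlp:Response xmlns:samlp="{NS['samlp']}"
 xmlns:saml="{NS['saml']}" Destination="{ACS_URL}">
 <saml:Assertion><saml:Conditions><saml:AudienceRestriction>
  <saml:Audience>{SP_METADATA_URL}</saml:Audience>
 </saml:AudienceRestriction></saml:Conditions><saml:AttributeStatement>
  <saml:Attribute Name="Given-Name">
   <saml:AttributeValue>Ada</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="User-Principal-Name">
   <saml:AttributeValue>ada@example.test</saml:AttributeValue></saml:Attribute>
 </saml:AttributeStatement></saml:Assertion>
</samlp:Response>"""


def check_response(xml_text, sp_metadata_url, acs_url):
    """Return configuration problems found in a decoded SAML response."""
    root = ET.fromstring(xml_text)
    problems = []
    if root.get("Destination") != acs_url:
        problems.append("Destination does not match the ACS URL")
    if root.find("saml:EncryptedAssertion", NS) is not None:
        problems.append("assertion is encrypted; turn assertion encryption off")
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return problems + ["no plaintext Assertion element"]
    audiences = [a.text.strip() for a in assertion.iterfind(".//saml:Audience", NS) if a.text]
    if sp_metadata_url not in audiences:
        problems.append("Audience does not contain the SP Metadata URL")
    present = set()  # attribute names that carry at least one non-empty value
    for attr in assertion.iterfind(".//saml:Attribute", NS):
        values = attr.findall("saml:AttributeValue", NS)
        if any(v.text and v.text.strip() for v in values):
            present.add(attr.get("Name"))
    problems += [f"missing or empty attribute: {n}" for n in REQUIRED if n not in present]
    return problems


if __name__ == "__main__":
    print(check_response(SAMPLE, SP_METADATA_URL, ACS_URL))
```

This only checks the configuration points from the procedure; it does not verify the response signature, and it should be run only on responses from your own IDP, since `xml.etree` is not hardened against hostile XML.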
For the application or integration, find the place in the IDP console where you obtain the identity
provider metadata. The metadata is available either as an XML file that you download or as a URL for
the file that you record to use later. Download the XML file or record the URL. Then proceed to 4.
Configure single sign-on in Securiti[configuring-generic-saml-single-sign-on.html#UUID-c335252b-261c-bb4f-c134-e461db7e48ca_section-idm23225814591896].