Create SAML Provider
You can only configure single sign-on (SSO) in an on-premises Adaptiva Server. This does not apply to our SaaS solution.
SAML (Security Assertion Markup Language) on the OneSite platform lets you configure a SAML provider so that your users can log in via SSO.
Below are some SAML Provider specific guides:
Create the SAML Provider in the Admin Portal
Log in to the Admin Portal as a Super Admin.
Click the gear icon > Settings > Security > SAML Providers.
On the SAML Providers page, click + New.
Enter a name and description. You can also add a logo (.png).
Under SAML Settings, configure the following values:
Issuer ID - The unique name this provider puts in its saml:Issuer element. Used to look up the signing key when receiving a response.
Authentication Request URI - The URI to send a saml:AuthnRequest to. If not set, the server cannot request login using saml:AuthnRequest, but can still receive responses from the service provider.
Attribute Consuming Service Index - The index given to the Adaptiva client if registered with the provider. If not set, the Adaptiva Server will automatically set an AssertionConsumerServiceURL attribute on any saml:AuthnRequest it builds.
Name ID Format - The NameID format to request from the provider. If blank, it is equivalent to urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified. At construction, it will be set to urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress.
Public Key Info - The signing key in PEM format used to verify the signature of a SAML response.
Audience - The audience the server will expect to be declared in the SAML response. If not set, the server's auto-detected URL will be used.
Click Save.
Create the Administrator account
After creating the SAML Provider, register users as Administrators using the following steps:
Select Settings > Security > Administrators.
Click +New and create an Administrator account.
From the Admin Type dropdown, select SAML.
Enter the email address for the user you are creating.
The system uses this address to send an email invitation to the user, and to match the user with their IAM service identity. This email address must have been granted permissions in the IAM’s SAML application.
Click the Identity Provider drop-down and select the provider you created earlier.
In the Subject ID field, enter the same email address used above.
Under Administrator Details, enter the first and last name of the user and add any additional information needed.
Under Direct Roles, click Browse. Select the appropriate role(s) for the administrator and click OK.
Select Save.
Test the Login
Ask the user to test the login using SAML.
Navigate to the Admin Portal. The login screen now lists the new SAML Provider.
Select the new provider and log in to the portal using your IAM credentials.
You may see the following error:
Error Message = Invalid Audience: https://ws25Tester:443, Error Code = 13 (0xd), Source Object = null propertyName[null]
In this example, the server FQDN in the Entity ID has a capital T. Make sure the Audience entry matches the case returned in the error.
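The following is an added example, not Adaptiva code: a small offline check that compares a decoded SAML assertion against the values entered for the provider and the administrator, and flags differences that are only a matter of letter case, like the Audience error above. The sample assertion, the idp.example.com and admin@example.com values, and the function name check_assertion are constructed for illustration; comparing every field as an exact string is an assumption that the page confirms only for Audience.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion (not captured from a real identity provider).
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Issuer>https://idp.example.com/metadata</saml:Issuer>
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">admin@example.com</saml:NameID>
  </saml:Subject>
  <saml:Conditions><saml:AudienceRestriction>
    <saml:Audience>https://ws25Tester:443</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions>
</saml:Assertion>
"""

def _text(node):
    return (node.text or "").strip() if node is not None else None

def check_assertion(xml_text, provider):
    """Return (field, problem, configured, observed) for every field that differs.

    Diagnostic only: it does not verify the signature, so it is no substitute
    for the server's own validation. Exact comparison is an assumption here.
    """
    root = ET.fromstring(xml_text)  # input is a decoded, locally saved response
    a = root if root.tag.endswith("}Assertion") else root.find(".//saml:Assertion", NS)
    if a is None:
        raise ValueError("no saml:Assertion element found")
    name_id = a.find("saml:Subject/saml:NameID", NS)
    observed = {
        "Issuer ID": _text(a.find("saml:Issuer", NS)),
        "Audience": _text(a.find("saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)),
        "Name ID Format": name_id.get("Format") if name_id is not None else None,
        "Subject ID": _text(name_id),
    }
    findings = []
    for field, configured in provider.items():
        got = observed.get(field)
        if got == configured:
            continue
        # Separate case-only differences: they are easy to miss by eye.
        case_only = got is not None and got.lower() == configured.lower()
        findings.append((field, "case mismatch" if case_only else "mismatch", configured, got))
    return findings
```

Pass the provider settings as a dictionary keyed by the field names used on this page (Issuer ID, Audience, Name ID Format, Subject ID); an empty result means every supplied value matches the assertion exactly.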