ENABLING SAML AND CONFIGURING SAML FOR YOUR PORTAL
Enabling SAML within your portal allows you to enable SSO login from third-party websites. For SSO login to be used, SAML Providers must be configured. A unique identifier is used to assert a user between the Identity Provider and the portal and authorize login to the user's account. This assertion is configured as the identity type.
Note: If you use the Federation ID identity type, only one Identity Provider can be used.
To enable SAML for the portal, you must have the following permissions:
- Administrator System Role
TO ENABLE SAML:
- In the Setup Home page, click Manage > Company Preferences.
- Click Edit.
- Select the Security Settings tab.
- Check SAML Enabled.
- Click Save.
TO ADD AND CONFIGURE SAML PROVIDERS:
- In the Setup Home page, click Security > Single Sign-On.
- If you want to add a new SAML Provider, click New. If you want to configure an existing SAML Provider, click the SAML Provider, then click Edit.
- Configure the following fields:
Enter the name of the SAML Provider.
Automatically populated from the Name field.
Enter an optional description for the SAML Setting.
- SAML Version
Magentrix uses SAML version 2.0.
- Single Sign-On Service URL
Enter the URL that your portal contacts to verify the login.
- Identity Provider Certificate
Upload the Security Certificate that verifies communication between your portal and the Identity Provider. Contact your Identity Provider or refer to their technical documentation in order to acquire this certificate.
- SAML Identity Type
- If you want to use the user's Magentrix portal username when asserting if the user is valid, select Assertion contains User's Magentrix username.
- If you want to use the value in the User ID field of the User Entity, select Assertion contains the User ID from the User Entity.
- If you want to use the value in the Federation ID field of the User Entity, select Assertion contains the Federation ID from the User entity.
- Identity Provider Login URL
If you want to specify the login URL of the Identity Provider, enter the URL in this field. This field is optional.
- Identity Provider Logout URL
If you want to redirect the user to a specific URL when the user logs out of the portal, enter the URL in this field. This field is optional.
- Custom Error URL
If you want to redirect users to a custom error page when there is a login error, enter the URL in this field. This field is optional.
- Service Provider Initiated Request Binding
Define how the system will contact the Identity Provider. If the Identity Provider requires a Post Request to verify the user, select HTTP Post. If the Identity Provider requires a redirect to verify the user, select HTTP Redirect.
- Login Button
If you want to show a Login button on the Login Page, check this option. It will have the Name field on it.
- Associate with a Custom Community
If you want to associate the login with and redirect users to one of your Custom Communities, select the Custom Community from the dropdown list. This field is optional.
- User Provisioning Enabled
If you want to enable new users to automatically create user accounts in Magentrix when logged in through SSO, select Enabled.
- Click Save & Close.
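
What the two Service Provider Initiated Request Binding options mean on the wire under SAML 2.0, shown as an added example that is not Magentrix code: HTTP Redirect carries the request deflated and base64-encoded in the query string, while HTTP Post carries it base64-encoded in a form field. The AuthnRequest, the URLs and the function names are constructed placeholders; the decoders are useful for checking a captured request against the binding your Identity Provider expects.

```python
import base64
import zlib
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed sample AuthnRequest; ID, issuer and URLs are placeholders.
AUTHN_REQUEST = (
    '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'ID="_example123" Version="2.0" IssueInstant="2024-01-01T00:00:00Z" '
    'AssertionConsumerServiceURL="https://portal.example.com/acs">'
    '<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
    'https://portal.example.com</saml:Issuer></samlp:AuthnRequest>'
)
SSO_URL = "https://idp.example.com/sso"  # placeholder Single Sign-On Service URL


def encode_redirect(xml: str, sso_url: str, relay_state: str = "") -> str:
    """HTTP Redirect binding: raw DEFLATE, base64, then URL-encoded query string."""
    compressor = zlib.compressobj(wbits=-15)  # -15 selects raw DEFLATE (no zlib header)
    deflated = compressor.compress(xml.encode("utf-8")) + compressor.flush()
    params = {"SAMLRequest": base64.b64encode(deflated).decode("ascii")}
    if relay_state:
        params["RelayState"] = relay_state
    return f"{sso_url}?{urlencode(params)}"


def encode_post(xml: str) -> str:
    """HTTP Post binding: base64 only; sent as the form field named SAMLRequest."""
    return base64.b64encode(xml.encode("utf-8")).decode("ascii")


def decode_redirect(url: str) -> str:
    """Recover the XML from a captured HTTP Redirect request URL."""
    value = parse_qs(urlparse(url).query)["SAMLRequest"][0]
    return zlib.decompress(base64.b64decode(value), wbits=-15).decode("utf-8")


def decode_post(value: str) -> str:
    """Recover the XML from a captured SAMLRequest form field value."""
    return base64.b64decode(value).decode("utf-8")


if __name__ == "__main__":
    print(encode_redirect(AUTHN_REQUEST, SSO_URL, relay_state="/home"))
    print(encode_post(AUTHN_REQUEST))
```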