Enabling and Configuring Magentrix As An Identity Provider
Administrators can enable a portal to be used as an Identity Provider for Single Sign-On to external service providers. Administrators can obtain security certificates to add and configure service providers.
Requirements
To add and configure Service Providers to enable the portal as an Identity Provider, users must be assigned a security role with the following permissions:
- Administrator System Role
To use the Identity Provider feature, SAML must be enabled.
To enable Magentrix as an Identity Provider:
- In the Setup Home page, click Security > Identity.
- Enter a Name and Unique Name.
- Click Enable.
To add and configure Service Providers:
- In the Setup Home page, click Security > Identity.
- If you want to create a new Service Provider, click Download Certificate. You will need the security certificate to authenticate the Identity Provider to the external Service Provider. Click New External App.
If you want to configure an existing Service Provider, click the Service Provider, then in the next screen, click Edit.
- Configure the following fields:
- Name
Enter the name of the Service Provider.
- Unique Name
Automatically populated from the Name field.
- Contact Email
Enter a contact email address.
- Contact Phone
Enter an optional contact phone number.
- Description
Enter an optional description for the Service Provider.
- Enable SAML
Indicates SAML is enabled.
- Entity Id
Enter the Entity Id provided by the Service Provider. Often referred to as the Issuer.
- ACS URL
Enter the ACS URL provided by the Service Provider.
- Subject Type
If you would like to use the username as the subject, select Username. If you would like to use the user ID as the subject, select User ID.
- Service Provider Certificate
Upload the Security Certificate that provides authentication between your portal and the Service Provider. Contact your Service Provider or refer to their technical documentation in order to acquire this certificate.
- Encrypt Assertion
Check the checkbox to encrypt the SAML assertion. If enabled, you will need to provide the Magentrix identity provider certificate to the service provider.
- Sign Assertion
Check the checkbox to sign the SAML assertion.
- Click Submit.
On your Service Provider side, you will need to provide the Single Sign-On Service URL.
This URL may vary depending on what you configured on the SP "Service Provider Initiated Request Binding" setting. The different URLs for HTTP Post or HTTP Redirect can be found by accessing the Metadata URL available under "Discovery Endpoints".