NOTE: Refer to Introduction to Configuring Authentication Methods before proceeding.
NOTE: Implementing new users has licensing implications. Contact us to ensure you have valid licensing.
Security Assertion Markup Language (SAML) is an XML-based open standard data format for exchanging authentication and authorization data between parties, in particular between an Identity Provider (IDP) and a Service Provider (SP). When using SAML, there is no need for user synchronization.
Users with author, project administrator, or system administrator roles can connect to the Server from the Editor with SAML configured. Refer to Managing Your Editor Configuration Settings: Specifying The Server Connection.
- Click the Administration cog on the navigation bar of the Management Center.
- Select in the left navigation menu.
- Choose from the following options:
NOTE: To expand or collapse each authentication method information section, click the arrow beside the authentication method name. This setting will be saved.

| If You Want To | Then |
| --- | --- |
| Add an authentication method | - Click the drop-down arrow to the right of the Add Method action button.<br>- Select .<br>- Go to the next step. |
| Edit an authentication method | - Click EDIT beside the authentication method you want to edit.<br>- Go to the next step. |
| Enable/disable an authentication method | Click the ON/OFF toggle beside the authentication method you want to turn on or off.<br>NOTE: You can have multiple authentications turned on, but you must have at least one turned on. |

- Complete/edit the following fields:

| Field | Description |
| --- | --- |
| Method Name | Enter a unique name to identify the authentication configuration. |
| Issuer URL | Enter the URL to the IDP issuing the security token. |
| IDP SAML Endpoint | Enter the URL to your company’s IDP.<br>For example:<br>ADFS: https://adfs.mycompany.com/adfs/ls<br>CA Siteminder: https://agfed.mycompany.com/affwebservices/public/saml2sso?SPID=[service provider URL]<br>Ping: https://fsso.mycompany.com/idp/startSSO.ping<br>OKTA: https://mycompany.okta.com/app/.../.../sso/saml |
| Identity Provider Public Certificate | Enter the certificate text for the x509 certificate registered within the IDP.<br>NOTE: You will need to remove the header and footer text. |
| Enable IDP Initiated SLO | - Select this option to enable Single LogOut (SLO) functionality.<br>NOTE: If a user logs out through the IDP, they will also be logged out of the Management Center and Learning Library.<br>- Enter the URL for the logout page of the IDP in the IDP Logout Endpoint field.<br>- Select the Sign LogoutResponse option to require that signout requests be signed with an SSL certificate. |

PROFILE MAPPING section
This section lists all of the user attributes available within a user account on the Server. You can map each user profile field to your IDP by entering a Claim for it. You can enter a default value for any claim that is not unique to a user by putting quotes around the value.
NOTE: User edits to a Claim supplied by an IDP will be overwritten by the IDP value.
- Enter the name of the Claim provided by the IDP which contains the External ID value to be used.
NOTE: This value should remain unchanged for a specific user.
- Refer to Creating And Managing User Accounts for more information on each user profile field.
- Click Save.
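
The Identity Provider Public Certificate field expects the certificate text without its header and footer. The following is an added example, not part of the product documentation: it strips the PEM BEGIN/END lines, rejects anything that is not exactly one certificate (for example a private key pasted by mistake), and returns the SHA-256 fingerprint to compare with the one your IDP displays. The function name and the sample data are assumptions constructed for illustration.

```python
import base64
import binascii
import hashlib
import re

# Matches one PEM block and captures its label and body.
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.DOTALL)

# Constructed placeholder: a tiny DER SEQUENCE, not a real certificate.
SAMPLE_DER = b"\x30\x0d\x0c\x0bCONSTRUCTED"
SAMPLE_PEM = (
    "-----BEGIN CERTIFICATE-----\r\n"
    + base64.b64encode(SAMPLE_DER).decode("ascii")
    + "\r\n-----END CERTIFICATE-----\r\n"
)


def prepare_idp_certificate(pem_text):
    """Return (body, sha256_fingerprint) for exactly one PEM certificate.

    body is the base64 text on a single line, without the BEGIN/END lines.
    """
    blocks = PEM_BLOCK.findall(pem_text)
    if len(blocks) != 1:
        raise ValueError(f"expected exactly one PEM block, found {len(blocks)}")
    label, raw_body = blocks[0]
    if label != "CERTIFICATE":
        # Guards against pasting a private key or CSR into the form.
        raise ValueError(f"not a certificate: PEM label is {label!r}")
    body = "".join(raw_body.split())  # drop CR/LF and indentation
    try:
        der = base64.b64decode(body, validate=True)
    except binascii.Error as exc:
        raise ValueError(f"certificate body is not valid base64: {exc}") from exc
    if not der or der[0] != 0x30:
        raise ValueError("decoded data is not a DER SEQUENCE")
    digest = hashlib.sha256(der).hexdigest().upper()
    fingerprint = ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))
    return body, fingerprint


if __name__ == "__main__":
    body, fingerprint = prepare_idp_certificate(SAMPLE_PEM)
    print("Paste into the certificate field:", body)
    print("SHA-256 fingerprint:", fingerprint)
```

Only the public certificate belongs in this field. If the fingerprint does not match the one published by the IDP, do not save the configuration.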