9.1 Create an External SAML Identity Provider Application

Applications > New Application > SAML Application Identity Provider

You must create an application that represents the external identity provider. This application contains the metadata configuration information for the external identity provider. You obtain the metadata information from the documentation for the external identity provider. You also need to know which attribute you want Single Sign-on to use to validate the user accounts when they authenticate. Currently, Single Sign-on supports only one identity provider application at a time.

To create an external SAML identity provider application:

  1. Gather the SAML metadata for the external identity provider from the documentation for the external identity provider.

  2. Determine which attribute you want Single Sign-on to use to validate the user accounts in the external identity provider.

  3. (Optional) Select Change Image, then browse and select an image to use for this SAML external identity provider.

  4. In Application Name, specify a unique name for the external SAML identity provider application.

  5. In Application Info, specify a detailed description of the SAML identity provider application so that other administrators can know its purpose.

  6. Select Enable to enable the SAML connection between Single Sign-on and the SAML identity provider.

  7. Select Advanced Settings to specify the attribute to validate the user accounts.

    1. In Assertion Attribute, specify the name of the attribute.

    2. Select Done to save the attribute and close the side window.

  8. (Conditional) To manually create the metadata in XML, select Edit Metadata XML.

    1. (Conditional) Select Edit Metadata, then specify the metadata in properly formatted XML.

    2. (Conditional) Select Use Metadata File, then browse to and select the metadata file you want to use.

    3. Select Done.

  9. (Conditional) Populate the following fields to use the default SAML application template.

    Entity ID

    Specify the Entity ID to use in the SAML authentication.

    Login URL

    Specify the URL the external identity provider uses to initiate the login event.

    Signing Certificate

    Specify the signing certificate the external identity provider uses to allow secure authentications for the users.

  10. Select Save to save the SAML identity provider.

Single Sign-on automatically creates an entry for this SAML identity provider in the Access Manager Methods under SAML Service Provider. You use this entry to create an authentication chain for a service application that uses this SAML identity provider.