8.3 Create a SAML Application

Applications > New Application > SAML Application

An application contains all of the configuration information required to create a SAML connection from Single Sign-on to other SAML services. Single Sign-on is the identity provider for any SAML service provider that supports single sign-on or federation connections. A federation connection establishes a trust between Single Sign-on and a service. A service is an application, service, or resource for which you want to give your users a single sign-on experience.

NOTE: Currently, Single Sign-on only supports SP-initiated authentication applications.

The application contains the metadata for the service provider to allow single sign-on to occur for your users. The application also contains an appmark that provides simple access to the service with a single sign-on experience for your users.

To create an application for a SAML service provider:

  1. Gather the required information about the service to create the application.

  2. (Optional) Select Change Image, then browse and select an image to use for this SAML application.

  3. Use the following information to configure the SAML service provider:

    Application Name

    Specify a unique name for the application that contains the SAML service provider metadata.

    Application Info

    Specify the details about this application to help others understand what the application contains.

    Enable

    Select Enable to enable the SAML connection between Single Sign-on and the SAML service provider.

    Advanced Settings

    Use the information in Configure SAML Advanced Settings to define or enable the appropriate options for your environment.

    METADATA

    Use one of the following options to populate the metadata for the SAML service provider application:

    Manually create the metadata

    Select Edit Metadata XML, then specify the metadata in properly formatted XML, or select Use Metadata File, then browse to and select the metadata file you want to use.

    Use the default SAML application template

    Populate the following fields to use the default SAML application template.

    Entity ID

    Specify the Entity ID to use in the SAML authentication.

    Attribute Consume Service Endpoint

    Specify the attribute for the consume service endpoint.

    Single Logout Service Endpoint

    Specify the single logout endpoint for the connected service.

    Signing Certificate

    Specify the signing certificate Single Sign-on uses to encrypt the authentication process.

    Federation Instructions

    Follow the federation instructions to configure the federation connection to the connected service.

    AUTHENTICATION CHAINS

    To select an authentication chain, select Select Chains. The Authentication Chain field is empty when you first create the application.

    NOTE: To select a different authentication chain or to chain your selection, click Select Chains.

    AUTHORIZATION POLICIES

    (Conditional) Select Authorization Policies to select the appropriate authorization policies for this application.

  4. Select New Appmark to create one or more appmarks for the SAML application.

  5. Select Save to save the SAML service provider application.