SAML

Updated on 11 Sep 2023
2 Minutes to read

Print
Share
Dark
Light
PDF

Article summary

Did you find this summary helpful?

Thank you for your feedback

About this Article

This article provide information about SAML SSO including SAML integration workflow, configuration of SAML using CMS, Okta, Login/logout with SAML SSO.

SAML SSO and CMS Workflow

An existing Identity Provider can be configured in CMS and utilized for authentication purposes. The below diagram provides an overview of CMS workflow with the configured SAML SSO, when a user tries to log in OR log out: SAML Workflow

Configuration of SAML on CMS

Navigate to Administration > Access Management in the left navigation pane, Select tab SAML
Provide the below information by expanding each section:
1. General Settings – Enable or disable SAML and Verbose Logging
2. Identity Provider (IDP) Settings – Provide the Name, Metadata, URL, Auto update Metadata, Allowed Clock Drift (in seconds) and Entity ID
3. Service Provider Settings – Organization Name, URL, SP Entity ID, Signs Request, Reject Unassigned Assertions, Protocol Binding, SSO URL, SSO Logout URL
4. User Attributes Settings – SAML attributes in IDP for the specified fields – Email, First Name, Last Name and Phone Number
5. SAML Group Mapping – SAML Group Attribute Name, Default Role (from dropdown), SAML Group Attribute Type (Single Value, Multiple Nested, Single Delimited), SAML Role and CMS Role Mapping
6. To add a Group to Role Binding, follow the below steps:
  1. Click on the "+" icon under Group to Role Binding
  2. Provide the SAML Group Name and select the corresponding CMS Role from the dropdown.
7. Group to Role Binding can be deleted by clicking delete icon against the corresponding binding details
Click Save

Configuration of SAML using Okta

Log in to the Okta Web console with valid credentials
Create an Application for VSP using the steps below:
1. Navigate to Applications > Applications in the left navigation pane. Click Create App Integration
2. Select the Sign-in method as SAML 2.0. Click Next
3. Provide the App Name (App Logo field is optional). Click Next
4. Provide the below information:
  1. Single Sign On URL: https://<CMS_IPAddress>/services/sso/saml/SSO
  2. Recipient URL: https://<CMS_IPAddress>/services/sso/saml/SSO
  3. Destination URL: https://<CMS_IPAddress>/services/sso/saml/SSO
  4. Audience URL: https://<CMS_IPAddress>/services/sso/saml/metadata
  5. Name ID Format: Unspecified
  6. Application username: Custom and Custom Rule: user.email
  7. Maintain the default values for the other fields
5. Click Next
6. Select the option “I’m an Okta customer adding an internal app”. Click Finish
Create users and associate them with the newly created Application using the steps below:
1. Navigate to Directory > People in the left navigation pane. Click Add person
2. Provide the required information. Username must be an Email ID. Click Save
3. On the People page, click on the required user
4. Click Assign Applications
5. Select the newly created Application. Click Done
6. Assign Application to all the required users

Log in with SAML

Once a SAML IDP is configured on CMS, the link Login with SAML is displayed on the CMS log in page
Click Login with SAML
User is redirected to the SAML SSO login page
After a successful login, the user is redirected to the CMS dashboard page

SAML User Log out

When a SAML user tries to log out of the CMS session, a request is sent to the IDP for log out
Once the log out is successful on IDP, log out action on CMS is completed and the CMS log in page is displayed

Was this article helpful?

What's Next

LDAP

Table of contents

SAML SSO and CMS Workflow
Configuration of SAML on CMS
Configuration of SAML using Okta
Log in with SAML
SAML User Log out