SAML
  • 11 Sep 2023

About this Article
This article provides information about SAML SSO, including the SAML integration workflow, the configuration of SAML on CMS and on Okta, and login/logout with SAML SSO.


SAML SSO and CMS Workflow

An existing Identity Provider can be configured in CMS and used for authentication. The diagram below gives an overview of the CMS workflow with SAML SSO configured, when a user tries to log in or log out:
(Figure: SAML Workflow)


Configuration of SAML on CMS

  1. Navigate to Administration > Access Management in the left navigation pane and select the SAML tab
  2. Provide the below information by expanding each section:
    1. General Settings – Enable or disable SAML and Verbose Logging
    2. Identity Provider (IDP) Settings – Provide the Name, Metadata, URL, Auto update Metadata, Allowed Clock Drift (in seconds) and Entity ID
    3. Service Provider Settings – Organization Name, URL, SP Entity ID, Signs Request, Reject Unassigned Assertions, Protocol Binding, SSO URL, SSO Logout URL
    4. User Attributes Settings – SAML attributes in IDP for the specified fields – Email, First Name, Last Name and Phone Number
    5. SAML Group Mapping – SAML Group Attribute Name, Default Role (from dropdown), SAML Group Attribute Type (Single Value, Multiple Nested, Single Delimited), SAML Role and CMS Role Mapping
    6. To add a Group to Role Binding, follow the below steps:
      1. Click on the "+" icon under Group to Role Binding
      2. Provide the SAML Group Name and select the corresponding CMS Role from the dropdown.
    7. A Group to Role Binding can be deleted by clicking the delete icon next to the corresponding binding
  3. Click Save



Configuration of SAML using Okta

  1. Log in to the Okta Web console with valid credentials
  2. Create an Application for VSP using the steps below:
    1. Navigate to Applications > Applications in the left navigation pane. Click Create App Integration
    2. Select the Sign-in method as SAML 2.0. Click Next
    3. Provide the App Name (App Logo field is optional). Click Next
    4. Provide the below information:
      1. Single Sign On URL: https://<CMS_IPAddress>/services/sso/saml/SSO
      2. Recipient URL: https://<CMS_IPAddress>/services/sso/saml/SSO
      3. Destination URL: https://<CMS_IPAddress>/services/sso/saml/SSO
      4. Audience URL: https://<CMS_IPAddress>/services/sso/saml/metadata
      5. Name ID Format: Unspecified
      6. Application username: Custom and Custom Rule: user.email
      7. Maintain the default values for the other fields
    5. Click Next
    6. Select the option “I’m an Okta customer adding an internal app”. Click Finish
  3. Create users and associate them with the newly created Application using the steps below:
    1. Navigate to Directory > People in the left navigation pane. Click Add person
    2. Provide the required information. Username must be an Email ID. Click Save
    3. On the People page, click on the required user
    4. Click Assign Applications
    5. Select the newly created Application. Click Done
    6. Assign Application to all the required users


Log in with SAML

  1. Once a SAML IDP is configured on CMS, the link Login with SAML is displayed on the CMS login page
  2. Click Login with SAML
  3. The user is redirected to the SAML SSO login page
  4. After a successful login, the user is redirected to the CMS dashboard page


SAML User Log out

  1. When a SAML user logs out of the CMS session, a logout request is sent to the IDP
  2. Once the logout succeeds on the IDP, the logout on CMS is completed and the CMS login page is displayed
