Basic SAML Setup
General: This indicates that your software is looking for general SAML configuration. Okta, Azure AD, Ping, etc. are Identity Providers (IdPs) that support SAML, so you can select a relevant type here if your software provides a specific option.
This is a descriptive name for your identity provider. You can input <SSO Provider Name> (e.g. "Okta", "Ping", "Google") or any other identifier that makes sense for your environment.
IdP Entity ID: This is a unique identifier for your SSO instance. You can find this in the metadata XML file provided by your SSO provider, typically in the tag with the entityID attribute.
Issuer: This value can also be found in the metadata under the tag.
Single Sign-On URL: This is the URL where SAML authentication requests should be sent. In your SSO provider, you’ll find this in the metadata XML file under the tag with the Binding="HTTP-Redirect" attribute.
Single Logout URL: This is optional depending on whether your application supports single logout. If supported, you can find the Logout URL in the metadata file under the tag.
Certificate: This is the IdP's signing certificate, used to verify the signature on SAML assertions and ensure the response is coming from a trusted source. You can find this in the metadata file within the tags. You need to copy the entire certificate (including the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines) and paste it into this field.
Character Encoding: Ensure this is checked if your application requires encoding to properly read the certificate format. This is often necessary to avoid issues with certificate parsing.
These settings fully enable automatic user provisioning and updating through SSO.
- However, "bi-directional" SSO delete is not yet included in the application.
- That is, when a user loses access in the third-party SSO, the user will stay active for a period of time before being listed as deactivated within the application software.