SAML2.0 Application Setup

Many applications support the use of SAML2.0 Authentication with an SSO Portal. For these external applications, you can use the SAML2.0 Xiid Application to enable access through the SSO Portals you have created.

SAML2.0 Application Configuration

  • Sign in to the Xiid Agent Management Portal and navigate to the Applications tab.
  • On the Applications screen, click the purple Choose button in the SAML2.0 card.
  • On the Applications List for SAML2 screen, click the purple + Add Application button in the top right.
  • In the Portal dropdown, select the SSO Portal(s) you would like this external application to be available through.
  • Provide a human-readable Description for the application and then click the purple Next button.
  • In the Parameters section, provide the Domain associated with the external application. If you do not have a domain associated with the external application, use the domain name associated with your user login.
  • In the Access Point field, enter the initial entry point for the Identity Provider Initiated SAML request. The Access Point is defined by the Service Provider and varies between SPs; it is often described as the Service Provider Login URL.
    • Note: The Access Point is not the Assertion Consumer Service (or ACS). The ACS is used later in the SAML authentication flow and must be provided in the SAML payloads by the Service Provider.
  • After reviewing the information for accuracy, click the purple Save button.

Service Provider (SP) Setup

TIP

Service Provider setup will vary by SP. Generally, you will need to enable SSO Authentication from the Administrator portal for your third-party Application. If you encounter difficulties, contact your SP for assistance.

After SSO Authentication has been enabled, you will need to provide the SSO and SLS URLs to the Service Provider so that the SP knows where to route login requests and how to handle sign-in and logout requests from the application.

  • To acquire the SSO and SLS URLs, navigate to the Applications List for SAML2 screen in the Xiid Agent Management Portal, find your SAML2 Application in the table, and click the purple Question Mark (?) button on the left side of the row (shown below in green).

SAML2 Application Table with question mark highlighted

  • You will next be taken to the Help for SAML2 Application screen, which will display your SSO and SLS URLs.
  • Use the purple Copy buttons to copy the SSO and SLS URLs into their respective fields in your Service Provider's SSO configuration.

TIP

Each SAML2 Application generates its own SSO URL, SLS URL, and Public Certificate. Do not attempt to re-use the same URLs or certificates across different Xiid Applications.

  • After copying the SSO and SLS URLs into the SAML Metadata Configuration for the Service Provider, copy the Public Certificate from the Xiid IM Agent over to the Service Provider.
  • To obtain the Public Certificate, click the purple Next button from the SSO/SLS screen, and then click the purple Download Certificate button.
  • A .pem file will be downloaded to your machine. Depending on the Service Provider, you will either need to upload the whole .pem file or copy the contents of it into a field in your Service Provider's configuration portal.
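
An added example (not part of the Xiid documentation or product): a Python check to run on the downloaded .pem before giving it to the Service Provider. It confirms the file holds exactly one certificate and no private key, computes a SHA-256 fingerprint for comparing copies, produces the single-line form for SPs that take a pasted field, and flags a certificate reused across applications. The sample PEM contents and application names are constructed placeholders, and stripping the BEGIN/END lines for a pasted field is an assumption to check against your SP's documentation.

```python
import base64
import hashlib
import re

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL)

def inspect_pem(pem_text):
    """Return (sha256_fingerprint, one_line_base64) for a file with exactly one certificate."""
    blocks = PEM_BLOCK.findall(pem_text)
    if any("PRIVATE KEY" in label for label, _ in blocks):
        raise ValueError("file contains a private key; only the public certificate goes to the SP")
    certs = [body for label, body in blocks if label == "CERTIFICATE"]
    if len(certs) != 1:
        raise ValueError(f"expected exactly one CERTIFICATE block, found {len(certs)}")
    # Assumption: an SP with a paste field wants the base64 body without BEGIN/END lines.
    one_line = "".join(certs[0].split())
    der = base64.b64decode(one_line, validate=True)  # raises ValueError on a corrupted body
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2)), one_line

def find_reused(pem_by_app):
    """Return {fingerprint: [apps]} for any certificate configured for more than one app."""
    seen = {}
    for app, pem_text in pem_by_app.items():
        seen.setdefault(inspect_pem(pem_text)[0], []).append(app)
    return {fp: apps for fp, apps in seen.items() if len(apps) > 1}

def wrap_pem(der, label="CERTIFICATE"):
    """Build PEM text from raw bytes (used only to construct the sample input below)."""
    b64 = base64.b64encode(der).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

# Constructed sample input: placeholder bytes, not real X.509 certificates.
SAMPLE_A = wrap_pem(b"constructed-cert-for-app-A " * 6)
SAMPLE_B = wrap_pem(b"constructed-cert-for-app-B " * 6)

if __name__ == "__main__":
    fingerprint, pasted = inspect_pem(SAMPLE_A)
    print("SHA-256 fingerprint:", fingerprint)
    print("single-line body   :", pasted[:32] + "...")
    # Hypothetical application names; app-a and app-c share one certificate.
    print("reused certificates:",
          find_reused({"app-a": SAMPLE_A, "app-b": SAMPLE_B, "app-c": SAMPLE_A}))
```

To check a real download, read the .pem file's text and pass it to `inspect_pem`.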

After this SAML Trust Relationship has been established between the Service Provider and Xiid, your SAML Application will be available in the designated SSO Portal(s) for use.