Adding a SAML identity provider

Last Updated: Apr 21, 2022

About this task

When you add a SAML identity provider, users can log in to the Configuration Server web portal with the same credentials that they use to log in to the identity provider application. When the identity provider users log in for the first time, the Configuration Server makes their configuration details available in the Security App. You can view and edit the imported users on the User Management screen.

You can also assign a global role to the identity provider. The Configuration Server assigns this global role to all users that log in with SAML.

Before you begin

  • Add the Configuration Server to the SAML identity provider.

  • Obtain a metadata file in the .ashx format from your identity provider.

Procedure

  1. Open the metadata file with an XML editor.
  2. Copy the text between the <X509Certificate> and </X509Certificate> tags.
  3. On the Security App navigation menu, click SAML Management.
  4. At the top-right corner of the screen, click the Add icon.
  5. On the Add SAML screen, in Single Sign-On Service URL, type the URL for sending authentication requests.
  6. In X.509 Certificate, insert the copied X.509 certificate text.
  7. Optional: In Global Role, select the appropriate global role.

    The Configuration Server assigns the specified global role to all logged-in SAML users. You can later change a user's global role from the User Management screen.

  8. To assign a network tenant to the user, in Tenants, select the required tenant.

    When a user logs in to the Configuration Server web portal for the first time, the Configuration Server assigns the tenant to the user automatically.

  9. Click Commit.

    The Configuration Server saves the SAML identity provider details and redirects you to the SAMLs screen.