This module supports generic SAML authentication. It supports the use of metadata files to configure the settings on both provider and service side. You can still populate the fields manually if desired, but the result may not be fully functional, and those details are left to the customer. You will also want to review the general Auth Module document for more information on authentication as a topic.
- Reply URL as with other modules should be your server FQDN/sso (e.g. https://myserver.myorg.com/sso)
- Group Attribute is exactly that, the name of the attribute in your SAML instance that holds the group information, so we can resolve group membership.
- Account Name Style - You can choose a standard attribute to use for the account name, or define a custom attribute as needed.
Configure with metadata
- Click Settings on the left-hand nav menu, then select the Account Setup topic. From the menu at the top, select SAML and click Save. Do not enter any additional information at this time!
- Still on the Settings page, select the Advanced topic. You will see the SP metadata file listed there (saml-sp-metadata.xml). Click on it to download. Use this metadata file on your SAML IdP server.
- From the SAML server, get the IdP metadata file. Change the file name to "saml-idp-metadata.xml", then drag and drop the file onto the Advanced panel where it says "Drag a configuration file hereā¦"
- Refresh the window and switch back to the Account Setup topic on the Settings page. Check the setting to make sure they are what you expect them to be per your SAML provider. Make any customizations like the Account Name Style and Group Attribute. If you make any changes, be sure to click Save.