Configuring SAML 2.0

After creating a SAML 2.0 provider in Identity Providers, the following tabs must be configured:

Identity Provider Settings

Identity Provider Settings tab for a SAML provider.

Parameter

Description
Name

Defined when adding the provider, the name you want to give this connection.

Link users by email?

Select this to map the emails provided by the remote system, to those already provided in your 1Data Gateway installation.

Creates identity provider links as users log in.

If you do not select Link users by email you will need to configure Identity Provider links manually. See the Users section for more.

Create missing users on login?

When a User logs in via this Identity Provider, if they do not have a user profile in the system they will have a user profile created.

This allows groups to be mapped to Identity Providers, allowing access to be restricted to groups.

Email Attribute

The name of the attribute that contains emails in your identity provider.

Name Attribute

The name of the attribute that contains users names in your identity provider.

Group Attribute

The name of the attribute that contains groups in your identity provider.

Map supplier membership by group

Enable this to access the Supplier Mappings tab.

Map access group membership

Enable this to access the Access Group Mappings tab.

SSO required?

Select to force users to connect to 1Data Gateway through single sign on. If this is set the user accounts linked to the IDP cannot login using a 1DG-local password and must authenticate against the remote system.

Service provider Settings

Service Settings tab for a SAML provider.

Parameter

Description

Entity ID

The URI location for the Identity Provider you are using.

SSO Service Location

The URI location for the Single Sign On service you are using.

Identity Provider Signing

Upload your certificate to this panel, and select validate responses.

     Note: The certificate presented must be a PEM file.

Identity Provider Signing tab for a SAML provider, which requires a certificate to be uploaded.

Service Provider Signing

Service Privider Signing tab for a SAML provider, showing the generated keys.

Parameter

Description

Sign Auth Requests?

Select to enable the signing of Authorization Requests.

Service Provider Certificate

The generated service provider certificate.

Service Provider Private Key

The generated service provider private key.

Supplier Mapping

After enabling and saving Map supplier membership by group in the Identity Provider Settings tab, the Supplier Mapping tab appears.

Supplier Mapping tab for a SAML provider.

You can create mappings that automatically add users to a supplier based on groups by clicking the Add button and entering the group.

Popout to add Supplier Mapping, requiring a group and a supplier.

Mappings can be deleted by clicking the Delete button and confirming deletion.

Access Group Mapping

After enabling and saving Map access group membership in the Identity Provider Settings tab, the Access Group Mapping tab appears.

Receiver Mapping tab for a SAML provider.

You can create access group permissions that automatically apply to Users within the specified group by clicking the Add button and entering the group.

Popout to add Reciever Mapping, requiring a group to be mapped.

Mappings can be deleted by clicking the Delete button and confirming deletion.