Configuring SAML 2.0

After creating a SAML 2.0 provider in Identity Providers, the following tabs must be configured:

ClosedIdentity Provider Settings

Identity Provider Settings tab for a SAML provider.

Parameter

Description
Name

Defined when adding the provider, the name you want to give this connection.

Map By Email?

Select this to map the emails provided by the remote system, to those already provided in your 1Data Gateway installation.

Creates identity provider links as users log in.

If you do not select Map By Email you will need to configure Identity Provider links manually. See the Users section for more.

Create missing users on login?

When a User logs in via this Identity Provider, if they do not have a user profile in the system they will have a user profile created.

This allows groups to be mapped to Identity Providers, allowing access to be restricted to groups.

Email Attribute

The name of the attribute that contains emails in your identity provider.

Name Attribute

The name of the attribute that contains users names in your identity provider.

Group Attribute

The name of the attribute that contains groups in your identity provider.

Map supplier membership by group

Enable this to access the Supplier Mappings tab.

Map receiver permission by group

Enable this to access the Receiver Mappings tab.

SSO required?

Select to force users to connect to 1Data Gateway through single sign on. If this is set the user accounts linked to the IDP cannot login using a 1DG-local password and must authenticate against the remote system.

ClosedService provider Settings

Service Settings tab for a SAML provider.

Parameter

Description

Entity ID

The URI location for the Identity Provider you will be using.

SSO Service Location

The URI location for the Single Sign On service you will be using.

ClosedIdentity Provider Signing

Upload your certificate to this panel, and select validate responses.

     Note: The certificate presented must be a PEM file.

Identity Provider Signing tab for a SAML provider, which requires a certificate to be uploaded.

ClosedService Provider Signing

Service Privider Signing tab for a SAML provider, showing the generated keys.

Parameter

Description

Sign Auth Requests?

Select to enable the signing of Authorization Requests.

Service Provider Certificate

The generated service provider certificate.

Service Provider Private Key

The generated service provider private key.

ClosedSupplier Mapping

After enabling and saving Map supplier membership by group in the Identity Provider Settings tab, the Supplier Mapping tab will appear.

Supplier Mapping tab for a SAML provider.

You can create mappings that automatically add users to a supplier based on groups by clicking the Add button and entering the group.

Popout to add Supplier Mapping, requiring a group and a supplier.

Mappings can be deleted by clicking the Delete button and confirming deletion.

ClosedReceiver Mapping

After enabling and saving Map receiver permissions by group in the Identity Provider Settings tab, the Receiver Mapping tab will appear.

Receiver Mapping tab for a SAML provider.

You can create receiver permissions that automatically apply to Users within the specified group by clicking the Add button and entering the group.

Popout to add Reciever Mapping, requiring a group to be mapped.

Mappings can be deleted by clicking the Delete button and confirming deletion.