SAML Authentication

Security Assertion Markup Language (SAML) can be used to provide User authentication for the 1Integrate user interface.

     Warning: Once SAML is enabled, the REST API can only be accessed with API Keys.

  • 1Integrate requires that both the private key and the signing certificate used by your SAML provider are present in a key store local to 1Integrate.

  • Whilst enabled, SAML will be the only method available for accessing the 1Integrate UI.

Configuring SAML

With an existing SAML provider, SAML authentication can be configured with the following steps:

  1. Set up your SAML provider to support 1Integrate, considering the following:

    • The key store containing your private key and signing certificate must be placed in the SETTINGS folder. It must be called saml.keystore and be of type JKS.

           Note: You may need to generate these keys yourself and configure them within your SAML provider, particularly if it does not allow the private key to be accessed, e.g. Microsoft Entra.

    • Set your SAML provider's reply URL to: https://<host>/1Integrate/saml.

    • In your SAML provider, create roles to match the 1Integrate permissions you need (see Configuring Users and Permissions for more). Once created, map these roles to the Users or Groups within your SAML provider.

  2. Configure the settings.properties file using the parameters in the Configurable SAML Parameters table below.

  3. Before starting 1Integrate, ensure the INTEGRATE_SAML_ENABLED environment variable is set to true.

  4. If configured correctly, the HTTPS URL for your 1Integrate log-in page will redirect to your SAML provider for authentication.

Configurable SAML Parameters

| Property | Type | Description |
|---|---|---|
| authentication.saml.login_url | string | The Login URL taken from your SAML configuration. |
| authentication.saml.logout_url | string | The Logout URL taken from your SAML configuration. |
| authentication.saml.entity_id | string | The Entity ID set in your SAML configuration. |
| authentication.saml.metadata_url | string | Your SAML provider's metadata URL. |
| authentication.saml.role_attribute | string | The attribute in your SAML provider that contains the roles that have been mapped to the 1Integrate permissions, e.g. for Entra http://schemas.microsoft.com/ws/2008/06/identity/claims/role |
| authentication.saml.key_alias | string | The alias from your key store for the private key. |
| authentication.saml.key_password | string | The password for the private key, taken from your key store. |
| authentication.saml.certificate_alias | string | The alias from your key store for the signing certificate. |
| authentication.saml.keystore_password | string | The password to access the key store being used. |
| authentication.saml.principal_attribute | string | The SAML attribute used to represent authenticated users' usernames throughout 1Integrate. The default value http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress should be changed depending on needs/SAML Provider. |
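
A pre-start check covering steps 1 to 3 and the parameters table, as an added example that is not part of the 1Integrate product or its documentation. It assumes settings.properties uses plain key=value lines and treats every table parameter except principal_attribute as required; the function names and the choice to pass the file and SETTINGS folder paths as arguments are hypothetical.

```python
import os
import stat
import tempfile

PREFIX = "authentication.saml."
# Assumption: all table parameters are required except principal_attribute (documented default).
REQUIRED = ["login_url", "logout_url", "entity_id", "metadata_url", "role_attribute",
            "key_alias", "key_password", "certificate_alias", "keystore_password"]

def parse_properties(text):
    """Minimal parser: key=value lines only (assumed), '#' or '!' comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props

def check_saml_settings(props_path, settings_dir, env=os.environ):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    with open(props_path, encoding="utf-8") as fh:
        props = parse_properties(fh.read())
    for name in REQUIRED:
        if not props.get(PREFIX + name):
            findings.append("missing or empty: " + PREFIX + name)
    if not os.path.isfile(os.path.join(settings_dir, "saml.keystore")):
        findings.append("saml.keystore not found in settings folder")
    # The properties file holds the key store and private key passwords.
    if os.name == "posix" and os.stat(props_path).st_mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append("settings file is readable by group or others")
    if env.get("INTEGRATE_SAML_ENABLED") != "true":
        findings.append("INTEGRATE_SAML_ENABLED is not set to true")
    return findings

def demo():
    """Run the check on a constructed settings folder with two gaps."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "settings.properties")
        lines = [PREFIX + n + "=example" for n in REQUIRED if n != "key_password"]
        with open(path, "w", encoding="utf-8") as fh:
            fh.write("# constructed sample values\n" + "\n".join(lines) + "\n")
        os.chmod(path, 0o600)
        open(os.path.join(d, "saml.keystore"), "wb").close()
        return check_saml_settings(path, d, env={"INTEGRATE_SAML_ENABLED": "false"})

if __name__ == "__main__":
    print(demo())
```

The permission check matters because settings.properties stores authentication.saml.key_password and authentication.saml.keystore_password alongside the other settings.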