Create SAML Connection

App Management

Create a new SAML App

To create a new SAML App, click the "Add" button at the top right of the Applications table inside the Identity Provider tab. After you click that button, you will see the creation modal.

Fill in the required parameters:

  • Name: the internal name of the App, which lets you identify the service.

  • ACSUrl: the Assertion Consumer Service URL to which the Identity Provider redirects the user once the login procedure has been completed. The XML assertion is consumed at this URL and, if it is valid, the user is authenticated.

  • EntityID: the unique name of your Service Provider.

Once you have created the App, you will see the App's information.

Here you can download the certificate that you need to upload to your Service Provider so that it can validate the SAML Assertions it receives. You can also update the App's information.

Update SAML App

Click the "edit" button on the right of the SAML app you want to update. In this section you can update the basic information, and then use the groups table to update the groups that are allowed to access the app. Once you have finished updating the app, remember to click the save button.

By default, the app is created with no groups allowed to access it.

Attribute Name Management

You can find the attribute name management in the Attributes tab under the Identity Provider section. Here you will see the list of attributes you have already created.

Create a new attribute

Click the "+" button at the top right of the attributes list. You will see a modal where you need to fill in the required parameters.

Update attribute

Click the "edit" button on the right of the attribute name you want to edit. You will see a modal in which you can update the attribute name.

Mapper Management

You can find the mapper management inside each SAML App created in your Identity Provider.

Create a new Mapper

Click the "+" button at the top right of the mappers table. You will see a modal where you need to fill in the required parameters.

The parameters are:

  • Attribute name: the attribute you want to map. You'll see the list containing all the available attributes for the current Identity Provider.

  • Mapper name: the name by which this attribute is known to the current SAML App (the Service Provider).

  • Attribute type: possible values are:

    • SUBJECT: the attribute is mapped to be the subject authenticated in the SAML Response.

    • ATTRIBUTE: the attribute is mapped to be an attribute of the authenticated subject.

Only one attribute name can be mapped as the subject. All the others can only be mapped as attributes.
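The App parameters and mapper types above determine what the Service Provider should expect in a SAML Response. The following is an added example, not Ianum's code: it assumes a standard SAML 2.0 response in which the SUBJECT mapper is emitted as the NameID and ATTRIBUTE mappers as Attribute elements, and the URLs, sample message and the name check_response are constructed for illustration. It covers only the checks that run after the signature has been verified with the App's certificate by the Service Provider's SAML library.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Assumed values, as entered in the "Create a new SAML App" modal.
ACS_URL = "https://sp.example.com/saml/acs"
ENTITY_ID = "https://sp.example.com/metadata"

# Constructed response: SUBJECT mapper -> NameID, ATTRIBUTE mapper "department".
SAMPLE = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
    Destination="{ACS_URL}">
 <saml:Assertion>
  <saml:Subject>
   <saml:NameID>alice@example.com</saml:NameID>
   <saml:SubjectConfirmation>
    <saml:SubjectConfirmationData Recipient="{ACS_URL}"/>
   </saml:SubjectConfirmation>
  </saml:Subject>
  <saml:Conditions><saml:AudienceRestriction>
   <saml:Audience>{ENTITY_ID}</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions>
  <saml:AttributeStatement><saml:Attribute Name="department">
   <saml:AttributeValue>finance</saml:AttributeValue>
  </saml:Attribute></saml:AttributeStatement>
 </saml:Assertion>
</samlp:Response>"""

def check_response(xml_text, acs_url=ACS_URL, entity_id=ENTITY_ID):
    """Return (subject, attributes) or raise ValueError.
    Run only after the signature has been verified with the App's certificate."""
    root = ET.fromstring(xml_text)
    assertions = root.findall("saml:Assertion", NS)
    if len(assertions) != 1:
        raise ValueError("expected exactly one assertion")
    a = assertions[0]
    if root.get("Destination") != acs_url:
        raise ValueError("Destination does not match ACSUrl")
    scd = a.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != acs_url:
        raise ValueError("Recipient does not match ACSUrl")
    audiences = [e.text for e in a.findall("saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)]
    if entity_id not in audiences:
        raise ValueError("Audience does not include EntityID")
    name_ids = a.findall("saml:Subject/saml:NameID", NS)
    if len(name_ids) != 1 or not name_ids[0].text:
        raise ValueError("expected exactly one subject NameID")
    attrs = {at.get("Name"): [v.text for v in at.findall("saml:AttributeValue", NS)]
             for at in a.findall("saml:AttributeStatement/saml:Attribute", NS)}
    return name_ids[0].text, attrs
```

A response issued for a different ACSUrl or EntityID is rejected even when its signature is valid, which is why both values must match what was entered when the App was created.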

Update Mapper

Click the "edit" button on the right of the mapper you want to edit. You will see a modal in which you can update the mapper's information.

Delete Mapper

Click the "delete" button on the right of the mapper you want to delete. You will see a modal in which you have to confirm that you want to delete it.

Users Management

You have to manage the list of users allowed to log in to the Identity Provider. To manage this list, click on the Passwordless Auth tab and you will see the list of users.

In this table you can see four main pieces of information for each user:

  • Email: the email address to which the registration code has been sent.

  • Groups: the list of SAML groups to which the user has been assigned.

  • Subscription: the status of the subscription. There are 3 different statuses:

    • CONFIRMED: the user has received the registration code and he has correctly associated his identity with the Ianum identity.

    • PENDING: the user has received the registration code but he has not used it yet. The code received is still valid.

    • EXPIRED: the user has received the registration code but he didn't use it before the expiration date.

  • Actions: you can update users' information, delete the user or generate the registration code again.

Create a new user

Click the "+" button at the top right of the Whitelist users table. You will see a modal where you need to fill in the required parameters. The email parameter is the user's email address, to which we will send the secret code, and the language parameter is the language of the email sent to the user.

User Confirmation

The user receives an email containing a security code and a link. If he clicks on the link, it will open the QR Code page where he has to scan the QR Code using the Ianum app and then, if the code contained in the email is still valid, he will see the confirmation page that confirms he has been registered successfully.

If the user is asked to enter the registration code, he has to use the code sent by email.

If the code is correct, he will see the previous page that says "Successfully Joined".

Update user

To update the user, click the "edit" button on the right of the user you want to update. You will see three main sections.

User Data

In this section you can update the contact email of the user or force the generation of a new security code. Remember to click the save button to save the updates.

If you update the email property and the user is not confirmed, it will force the generation of a new security code.

User Attributes

In this section you can create new attribute values for each attribute name you created in the Attributes section of the Identity Provider. Remember to click the save button to save the updates.
