Create SAML Connection
App Management
Create a new SAML App
To create a new SAML App, click on the "Add" button at the top right of the Applications table inside the Identity Provider tab. After you click it, a modal opens.
Fill in the required parameters:
Name: the internal name of the App, used to identify the service.
ACSUrl: the Assertion Consumer Service URL to which the Identity Provider has to redirect the user once the login procedure has been completed. This is the URL where the XML assertion is consumed; if the assertion is valid, the user is authenticated.
EntityID: the unique name of your Service Provider.
Once you have created the App, you will see the App's information.
Here you can download the certificate that you need to upload to your Service Provider so that it can validate the SAML Assertion it receives. You can also update the App's information.
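The ACSUrl and EntityID entered above are also the values a Service Provider should compare a received response against once its signature has verified with the downloaded certificate. The following is an added example, not Ianum's code: the URLs, the user and the response are constructed, and signature verification is assumed to have already succeeded.

```python
import xml.etree.ElementTree as ET  # untrusted input in production: use a hardened parser
from datetime import datetime, timezone

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
ACS_URL = "https://sp.example.com/saml/acs"      # constructed: ACSUrl entered in the form
ENTITY_ID = "https://sp.example.com/metadata"    # constructed: EntityID entered in the form
# Constructed response; the ds:Signature element is left out to keep the sample short.
SAMPLE = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
    Destination="{ACS_URL}">
  <saml:Assertion>
    <saml:Subject>
      <saml:NameID>alice@example.com</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData Recipient="{ACS_URL}" NotOnOrAfter="2030-01-01T00:05:00Z"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions NotBefore="2030-01-01T00:00:00Z" NotOnOrAfter="2030-01-01T00:05:00Z">
      <saml:AudienceRestriction><saml:Audience>{ENTITY_ID}</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""

def _ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def binding_problems(xml_text, acs_url, entity_id, now):
    """Checks to run after the signature has verified; returns a list of failures."""
    root, problems = ET.fromstring(xml_text), []
    if root.get("Destination") != acs_url:
        problems.append("Destination != ACSUrl")
    assertions = root.findall("saml:Assertion", NS)
    if len(assertions) != 1:                      # refuse zero or several assertions
        return problems + ["expected exactly one Assertion"]
    a = assertions[0]
    scd = a.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != acs_url:
        problems.append("Recipient != ACSUrl")
    cond = a.find("saml:Conditions", NS)
    audiences = [] if cond is None else [
        e.text for e in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if entity_id not in audiences:
        problems.append("Audience lacks EntityID")
    try:
        if not _ts(cond.get("NotBefore")) <= now < _ts(cond.get("NotOnOrAfter")):
            problems.append("outside validity window")
    except (AttributeError, TypeError, ValueError):   # missing or malformed timestamps
        problems.append("missing or malformed Conditions timestamps")
    return problems
```

An empty list means the response was addressed to this ACSUrl, issued for this EntityID and is still within its validity window.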
Update SAML App
You have to click on the "edit" button on the right of the SAML app you want to update. In this section you can update the basic information, and then update the groups allowed to access the app using the groups table. Once you have finished updating the app, remember to click on the save button.
By default, the app is created with no groups allowed to access it.
Attribute Name Management
You can find the attribute name management in the Attributes tab under the Identity Provider section. Here you will see your list of attributes already created.
Create a new attribute
You have to click on the "+" button at the top right of the attributes list. A modal opens in which you need to fill in the required parameters.
Update attribute
You have to click on the "edit" button on the right of the attribute name you want to edit. You will see the modal in which you can update the attribute name.
Mapper Management
You can find the mapper management inside each SAML App created in your Identity Provider.
Create a new Mapper
You have to click on the "+" button at the top right of the mappers table. A modal opens in which you need to fill in the required parameters.
These parameters are:
Attribute name: the attribute you want to map. You'll see the list containing all the available attributes for the current Identity Provider.
Mapper name: the name under which this attribute is exposed to the current SAML App (the Service Provider).
Attribute type: possible values are:
SUBJECT: the attribute is mapped as the subject authenticated in the SAML Response.
ATTRIBUTE: the attribute is mapped as an attribute of the authenticated subject.
Only one attribute name can be mapped as the subject; all the others can only be mapped as attributes.
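How the two attribute types shape what the Service Provider receives, as an added example that is not Ianum's code. The mapper rows and user values are constructed, and placing the subject in a NameID and the rest in an AttributeStatement is the standard SAML layout assumed here, not a documented detail of this product.

```python
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
ET.register_namespace("saml", SAML)

# Constructed mapper rows: (attribute name, mapper name, attribute type).
MAPPERS = [
    ("email", "mail", "SUBJECT"),
    ("department", "dept", "ATTRIBUTE"),
    ("role", "groups", "ATTRIBUTE"),
]
# Constructed attribute values for one user, keyed by attribute name.
USER = {"email": "alice@example.com", "department": "finance", "role": "auditor"}


def check_mappers(mappers):
    """Enforce the rule that only one attribute name may be mapped as SUBJECT."""
    unknown = [m[2] for m in mappers if m[2] not in ("SUBJECT", "ATTRIBUTE")]
    if unknown:
        raise ValueError("unknown attribute type: " + unknown[0])
    subjects = [m for m in mappers if m[2] == "SUBJECT"]
    if len(subjects) > 1:
        raise ValueError("more than one SUBJECT mapper: " + ", ".join(m[0] for m in subjects))
    return subjects[0] if subjects else None


def build_assertion(mappers, user):
    """Return an Assertion element holding the Subject and the AttributeStatement."""
    subject_mapper = check_mappers(mappers)
    assertion = ET.Element(f"{{{SAML}}}Assertion")
    if subject_mapper is not None:
        subject = ET.SubElement(assertion, f"{{{SAML}}}Subject")
        ET.SubElement(subject, f"{{{SAML}}}NameID").text = user[subject_mapper[0]]
    # The Service Provider sees the mapper name, never the internal attribute name.
    values = [(m[1], user[m[0]]) for m in mappers if m[2] == "ATTRIBUTE" and m[0] in user]
    if values:  # an AttributeStatement must contain at least one Attribute
        statement = ET.SubElement(assertion, f"{{{SAML}}}AttributeStatement")
        for mapper_name, value in values:
            attr = ET.SubElement(statement, f"{{{SAML}}}Attribute", Name=mapper_name)
            ET.SubElement(attr, f"{{{SAML}}}AttributeValue").text = value
    return assertion
```

`ET.tostring(build_assertion(MAPPERS, USER), encoding="unicode")` prints the resulting fragment for inspection.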
Update Mapper
You have to click on the "edit" button on the right of the mapper you want to edit. You will see the modal in which you can update the mapper's information.
Delete Mapper
You have to click on the "delete" button on the right of the mapper you want to delete. You will see a modal in which you have to confirm that you want to delete it.
Users Management
You have to manage a list of users allowed to log in to the Identity Provider. To manage this list, click on the Passwordless Auth tab and you will see the list of users.
In this table you can see four main pieces of information for each user:
Email: the email address to which the registration code has been sent.
Groups: the list of SAML groups in which the user has been put.
Subscription: the status of the subscription. You can see 3 different statuses:
CONFIRMED: the user has received the registration code and has correctly associated his identity with the Ianum identity.
PENDING: the user has received the registration code but has not used it yet. The code received is still valid.
EXPIRED: the user has received the registration code but did not use it before the expiration date.
Actions: you can update the user's information, delete the user or generate the registration code again.
Create a new user
You have to click on the "+" button at the top right of the Whitelist users table. A modal opens in which you need to fill in the required parameters. The email parameter is the user's email address, to which we will send the secret code, and the language parameter is the language of the email sent to the user.
User Confirmation
The user receives an email containing a security code and a link. Clicking on the link opens the QR Code page, where he has to scan the QR Code using the Ianum app. Then, if the code contained in the email is still valid, he will see the confirmation page, which confirms that he has been registered successfully.
If the user is asked to enter the registration code, he has to use the code sent by email.
If the code is correct, he will see the previous page that says "Successfully Joined".
Update user
To update the user, you have to click on the "edit" button on the right of the user you want to update. You will see three main sections.
User Data
In this section you can update the contact email of the user or force the generation of a new security code. Remember to click on the save button to save the updates.
If you update the email property and the user is not confirmed, it will force the generation of a new security code.
User Attributes
In this section you can create new attribute values for each attribute name you created in the Attributes section of the Identity Provider. Remember to click on the save button to save the updates.