SAML Authentication
Last updated
This article covers how to configure an Airkit application to use SAML authentication. Before an application can use it, a few settings must be configured at the organization level.
In order to configure SAML access to Airkit applications, the SAML Assertion Metadata must be generated from the Identity Provider (IdP) of choice. It will be used to share configuration credentials between the IdP and the Service Provider (SP). The IdP metadata usually contains the IdP certificate, the entity ID, the redirect URL, and the logout URL.
This XML file needs to be uploaded in the app, and determines which IdP should be receiving the SAML request. This is done in the Console. Select Settings from the options on the left. Then, from the submenu, select Organization to find the Authentication section. In "Manage SAML Configurations," click the Create New button.
Click on the dialog box located on the right side of the screen and manually upload the XML file, or simply drag and drop it to begin the upload instantly. Finally, press Create in order to generate the SAML configuration.
After uploading your metadata, you are able to configure properties associated with your SAML Authentication process.
User Lookup Attribute: For organization authentication, lets you specify a different SAML attribute from which to read the user's email. Some IdPs do not provide an email address in the NameID attribute.
Canvas only URL ACS: The ACS URL for SAML apps. NOT for organization authentication.
ACS: An Assertion Consumer Service (ACS) URL has to be configured. The ACS URL is an endpoint on the service provider where the identity provider will redirect to with its authentication response.
Entity Id: An Entity ID is a globally unique name for a SAML entity, i.e., your Identity Provider (IdP) or Service Provider (SP).
Next, open your application in the Studio and go to Configuration Builder. Under the Global section, change the App Authentication Type to Secure App, and make sure the Authentication Method is set to Custom. Finally, open the drop-down under SAML and select the XML configuration uploaded in the previous step.
Once the content of the application is complete, save your changes and click Publish in the top right-hand corner of the Studio. Be sure to copy the link that users will use to access the application.
This is the URL that your IdP should redirect users back to after they authenticate, and this is called something different in each IdP. Okta calls it “Single Sign On URL,” Auth0 calls it the “Application Callback URL,” and OneLogin calls it the “ACS (Consumer) URL,” to name a few examples. Please refer to the documentation and settings for your specific IdP for where to input this URL.
After publishing your application and saving the URL to the IdP, users should be redirected to authenticate before using the application.
Video: Auth0 SAML auth Example (https://www.youtube.com/watch?v=4Q4Et2Uv1Y4)