This article explains how to set up and use the SAML 2.0 Connector so that users can log on to multiple web applications after logging in one time to the identity provider.
In this article:
- What is the SAML 2.0 Connector
- What Identity Providers support SAML 2.0 protocol?
- How to set up SAML 2.0 Connector
What is the SAML 2.0 Connector
Many organizations use Single Sign-On (SSO) to manage user identities in a central location.
SAML Single Sign-On allows users to log on to multiple web applications after logging into the identity provider. Because the user only has to log in once, SAML SSO provides a faster, seamless user experience.
What Identity Providers support SAML 2.0?
The SAML 2.0 Connector can be used with any Identity Provider that supports the SAML 2.0 protocol.
IdP services known to support the SAML protocol:
- adAS
- ADFS
- Dot Net Workflow
- Elastic SSO Team & Enterprise
- Entrust GetAccess & IdentityGuard (check protocol supported)
- EIC (check protocol supported)
- Ilex Sign&go
- iWelcome
- NetIQ Access Manager
- OpenAM
- RCDevs Open SAMPL IdP
- Optimal IdM VIS Federation Services
- Oracle Access Manager (part of Oracle Identity Federation)
- PingFederate (IDP Light)
- RSA Federated Identity (IDP Light)
- SecureAuth
- Symplified
- Tivoli Federated Identity Manager
- TrustBuilder
- Ubisecure SSO
- WSO2 Identity Server
How to set up SAML 2.0 Connector
✅ Step 1 - Create customized subdomain
Select the (1) Organization Settings tab and click (2) Add customized subdomain.
You will be charged $100 USD per month for this feature.
✅ Step 2 - Choose SAML 2.0 Connector
You can configure SSO for any identity provider that supports SAML 2.0.
✅ Step 3 - Enter values from your Identity Provider
The required values are:
- SAML 2.0 Endpoint
- IDP X509 Public Key
- Public Key
- Private Key
You must enable the response encrypt assertion setting so that the assertion in the SAML response is encrypted.
✅ Step 4 - Customize your interface
You can upload a logo and choose a primary and secondary color to customize your subdomain.
✅ Step 5 - Deploy
Confirm your customized subdomain by clicking the I agree box.
You will be charged monthly using the payment method you added for monthly subscription fee payments.
Click Deploy.
✅ Step 6 - Configure IDP settings
After you deploy the subdomain, configure the following settings in your IdP:
- Audience (EntityID)
- ACS (Consumer) URL
- Metadata URL
- Response encrypt assertion must be enabled
- SAML encryption method: AES-256-CBC or superior
- SAML signature algorithm: SHA-256 or superior
This setup is provider specific. For any questions on how to integrate the Audience (EntityID), ACS (Consumer) URL, and Metadata URL given by Deel, please contact your Identity Provider directly.
You can return to this Identity Provider pop-up from Organization Settings > General.
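
To confirm that the last three Step 6 settings took effect, you can inspect a SAML response captured during a test login. The following Python check is an added example, not code from Deel or any identity provider. It assumes the response has already been base64-decoded to XML; the function names and the reading of "or superior" (AES-256-GCM for encryption, SHA-384/512 for signatures) are assumptions.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#",
      "xenc": "http://www.w3.org/2001/04/xmlenc#"}
# Assumption: "AES-256-CBC or superior" is read as AES-256 in CBC or GCM mode.
OK_ENC = {"http://www.w3.org/2001/04/xmlenc#aes256-cbc",
          "http://www.w3.org/2009/xmlenc11#aes256-gcm"}
# Assumption: "SHA-256 or superior" is read as SHA-256/384/512 (URI suffix match).
OK_HASH = ("sha256", "sha384", "sha512")

def check_response(xml_text):
    """Return a list of findings; an empty list means the settings look correct."""
    root = ET.fromstring(xml_text)
    findings = []
    if root.find(".//saml:Assertion", NS) is not None:
        findings.append("plaintext Assertion present")
    enc = root.findall(".//saml:EncryptedAssertion/xenc:EncryptedData", NS)
    if not enc:
        findings.append("no EncryptedAssertion")
    for data in enc:
        # Direct child only: EncryptedKey has its own key-transport EncryptionMethod.
        method = data.find("xenc:EncryptionMethod", NS)
        alg = method.get("Algorithm") if method is not None else None
        if alg not in OK_ENC:
            findings.append(f"encryption method not accepted: {alg}")
    # Only look inside SignedInfo; RSA-OAEP key transport also carries a DigestMethod.
    algs = root.findall(".//ds:SignedInfo/ds:SignatureMethod", NS)
    algs += root.findall(".//ds:SignedInfo/ds:Reference/ds:DigestMethod", NS)
    if not algs:
        findings.append("no signature outside the encrypted assertion to check")
    for el in algs:
        if not el.get("Algorithm", "").lower().endswith(OK_HASH):
            findings.append(f"hash not accepted: {el.get('Algorithm')}")
    return findings

def sample(enc_alg, sig_alg, digest_alg):
    """Constructed response skeleton (no real ciphertext or signature value)."""
    return f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
 xmlns:ds="{NS['ds']}" xmlns:xenc="{NS['xenc']}"><ds:Signature><ds:SignedInfo>
  <ds:SignatureMethod Algorithm="{sig_alg}"/>
  <ds:Reference><ds:DigestMethod Algorithm="{digest_alg}"/></ds:Reference>
 </ds:SignedInfo></ds:Signature><saml:EncryptedAssertion><xenc:EncryptedData>
  <xenc:EncryptionMethod Algorithm="{enc_alg}"/>
 </xenc:EncryptedData></saml:EncryptedAssertion></samlp:Response>"""

if __name__ == "__main__":
    weak = sample(NS["xenc"] + "aes128-cbc", NS["ds"] + "rsa-sha1", NS["ds"] + "sha1")
    print(check_response(weak))
```

If the IdP signs only the assertion, the signature sits inside the encrypted data and this check reports that nothing was visible to inspect; in that case verify the algorithm in the IdP's own configuration.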