9.23 SAML Service Provider

Advanced Authentication facilitates you to authenticate with SAML 2.0 with the Web Authentication method.

WARNING:You must configure the SAML Service Provider method before adding it to an authentication chain.

NOTE:A chain with the SAML Service Provider method can be assigned only to the OAuth 2.0 event. Ensure to meet the following points:

  • The event must contain the Support Authorization Code enabled in the Advanced Settings section.

  • The SAML Service Provider method can be single or the first in the chain. Even if it is not the first method in the chain, it will be requested before the other methods.

  • The user who authenticates using the SAML SP method must be present in only one repository.

  • The SAML Service Provider method is not enrolled automatically when using the new Enrollment Portal. It must be enrolled for users before authentication.

To configure the SAML Service Provider method for Advanced Authentication, perform the following steps:

  1. Click Methods > SAML Service Provider.

  2. Click Add in Identity providers.

  3. Select SAML in Authentication type.

  4. Click the arrow icon.

  5. Specify the identity provider name in Identity Provider.

  6. Specify the attribute name used in the SAML assertion that identifies the user in Assertion Attribute. By default it is set as username.

  7. Click Choose File to upload the Identity Provider Metadata file.

    IMPORTANT:Ensure that you choose the Identity Provider Metadata file that is exported from a used Identity Provider. Do not use the metadata file exported from the Administrative Portal > Policies > Web Authentication.

  8. Click the save icon.

  9. Click Save.

NOTE:You can obtain Service Provider metadata from Advanced Authentication. Use the URL mentioned below to obtain the Service Provider metadata:


In the above URL, the TENANT must be replaced by the actual tenant name. Use TOP as the TENANT name if you are not using the Advanced Authentication as SaaS version or the multi-tenancy feature is not enabled.