9.32.1 SAML for Advanced Authentication

To add the SAML Identity Provider, perform the following steps:

  1. Specify the identity provider name in Identity Provider.

  2. Select a preset from Available presets for Name ID Format.

    The Name ID Format is automatically populated.

    or

    Specify the format manually in Name ID Format.

  3. Click Browse to upload the Identity Provider Metadata file.

    WARNING: Ensure that you choose the Identity Provider Metadata file that is exported from the Identity Provider in use. Do not use the metadata file exported from the Administrative Portal > Policies > Web Authentication.

    NOTE:

    • The Web Authentication method supports only HTTP-POST for the Single Sign-On (SSO) Service Binding parameter in the metadata file. HTTP-Redirect is not supported.

    • If you upgrade to Advanced Authentication 6.4 or a later version and the WebAuth method is already configured, you must update the Advanced Authentication metadata in your IdP to include a single logout service.

  4. Click the save icon.

  5. In the Upload SAML Service Provider signature certificate section, you must upload a certificate file in the PEM format with a private key. This certificate is used by the Web Authentication method to sign a SAML AuthnRequest token.

    If the private key is protected by a password, specify the password in Private key password.

  6. Click Save.
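
A pre-upload check for the metadata file chosen in step 3, as an added example that is not part of the product or its documentation: it confirms that the file is identity provider metadata and that it advertises an HTTP-POST Single Sign-On service, the only binding the Web Authentication method supports. The function names and the sample metadata (entity ID, URLs) are constructed for illustration.

```python
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"


def check_idp_metadata(xml_bytes):
    """Return (post_locations, problems) for an IdP metadata document."""
    # SAML metadata never needs a DTD; refusing one avoids entity-expansion input.
    if b"<!DOCTYPE" in xml_bytes:
        return [], ["DOCTYPE declaration present; refusing to parse"]
    try:
        root = ET.fromstring(xml_bytes)
    except ET.ParseError as exc:
        return [], [f"not well-formed XML: {exc}"]
    # root.iter() also covers an EntitiesDescriptor wrapping several entities.
    idps = list(root.iter(MD + "IDPSSODescriptor"))
    if not idps:
        return [], ["no IDPSSODescriptor: not identity provider metadata"]
    locations, problems = [], []
    for idp in idps:
        services = idp.findall(MD + "SingleSignOnService")
        post = [s.get("Location") for s in services if s.get("Binding") == HTTP_POST]
        if not post:
            seen = sorted({s.get("Binding", "?").rsplit(":", 1)[-1] for s in services})
            problems.append(f"no HTTP-POST SingleSignOnService (found: {seen})")
        locations.extend(post)
    return locations, problems


def _sample(bindings):
    # Constructed sample metadata; entity ID and URLs are placeholders.
    sso = "".join(
        f'<md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:{b}"'
        f' Location="https://idp.example.com/sso/{b}"/>' for b in bindings)
    return (f'<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"'
            f' entityID="https://idp.example.com/metadata"><md:IDPSSODescriptor'
            f' protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">'
            f'{sso}</md:IDPSSODescriptor></md:EntityDescriptor>').encode()


GOOD = _sample(["HTTP-Redirect", "HTTP-POST"])
REDIRECT_ONLY = _sample(["HTTP-Redirect"])

if __name__ == "__main__":
    for name, doc in (("good", GOOD), ("redirect-only", REDIRECT_ONLY)):
        print(name, check_idp_metadata(doc))
```

An empty problem list means the file passed both checks; a file that reports only HTTP-Redirect needs the POST binding enabled on the identity provider and the metadata exported again.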