Configuring SAML Authentication

Configuring SAML Authentication in Licensing Management Platform requires that you configure Licensing Management Platform and Identity Provider (IdP) information on both consoles in order to facilitate communication between the systems.
Note: Your IdP may use different terminology. For more information, consult your IdP's documentation.

  1. In the Licensing Management Platform console, go to Administration > SAML Authentication.

    The SAML Authentication screen appears.

  2. In the Service Provider Metadata section, copy or download the following information that you need to provide to your IdP:
    • Service Provider entity ID: Identifies the Service Provider application

    • Single Sign On URL (ACS): The endpoint URL responsible for receiving and parsing a SAML assertion (also referred to as "Assertion Consumer Service")

    • Certificate: The encryption certificate (verification certificate) in X.509 format

  3. In your IdP, configure Licensing Management Platform as a "SAML application". Use the information provided in the following table if required by your IdP.

    Setting                        Value
    Service Provider entity ID     Obtained in step 2
    Single Sign On URL (ACS)       Obtained in step 2
    Certificate                    Obtained in step 2
    Application username           Email
    Assertion Signature            Unsigned
    Signature Algorithm            RSA-SHA256
    Digest Algorithm               SHA256
    Assertion Encryption           Encrypted
    Authentication context class   X.509 Certificate
    Attribute Statements           • Name: FED_ID
                                   • Name format: Unspecified
                                   • Value: user.FED_ID
                                   Important: Required in order to associate
                                   Licensing Management Platform user names with
                                   Identity Provider user accounts.

  4. In order to link your IdP user accounts to Licensing Management Platform user accounts, you must create a custom attribute in your IdP. Use the information provided in the following table if required by your IdP.

    Setting              Value
    Data type            string
    Display name         FED_ID
    Variable name        FED_ID
    Attribute required   Yes

    Important: To map a user's Licensing Management Platform account credentials to their IdP user account, you need to specify their Licensing Management Platform account name as the value of the FED_ID attribute in their IdP user account settings.

  5. Obtain the necessary information from your IdP and configure the Identity Provider (IdP) Settings:
    1. Beside IdP integration, select Enable.
    2. Specify the following Identity Provider information:

      Item                     Description
      IdP display name         Used to identify the IdP on the Licensing Management Platform
                               console (for example, on the Sign In screen)
      IdP entity ID / issuer   Identifies the IdP application
      IdP Single Sign On URL   The endpoint dedicated to handling SAML transactions
      Certificate              The encryption certificate (signing certificate) in X.509 format

    3. Click Save.
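
Added example, not part of the product documentation: a Python check that a decrypted assertion from your IdP (for instance, one copied from an assertion preview tool, if your IdP offers one) carries the FED_ID attribute statement and authentication context class listed in steps 3 and 4. The sample XML and the account name in it are constructed, and requiring exactly one non-empty FED_ID value is an assumption of this example.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
UNSPECIFIED = "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"
X509_CLASS = "urn:oasis:names:tc:SAML:2.0:ac:classes:X509"

# Constructed, trimmed sample (not schema-complete); the account name is a placeholder.
SAMPLE_OK = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AuthnStatement><saml:AuthnContext>
    <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:X509</saml:AuthnContextClassRef>
  </saml:AuthnContext></saml:AuthnStatement>
  <saml:AttributeStatement>
    <saml:Attribute Name="FED_ID" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
      <saml:AttributeValue>lmp_account_example</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

def check_assertion(xml_text):
    """Return a list of mismatches against the step 3 and step 4 settings."""
    root = ET.fromstring(xml_text)  # only feed this XML from your own IdP
    problems = []
    # Step 3: Authentication context class = X.509 Certificate
    ref = root.find(".//saml:AuthnContextClassRef", NS)
    if ref is None or (ref.text or "").strip() != X509_CLASS:
        problems.append("AuthnContextClassRef is not the X509 class")
    # Steps 3 and 4: an attribute named exactly FED_ID (the name is case-sensitive here)
    fed = [a for a in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS)
           if a.get("Name") == "FED_ID"]
    if len(fed) != 1:
        problems.append(f"expected exactly one FED_ID attribute, found {len(fed)}")
        return problems
    attr = fed[0]
    # SAML 2.0 treats an omitted NameFormat as "unspecified"
    if attr.get("NameFormat", UNSPECIFIED) != UNSPECIFIED:
        problems.append("FED_ID NameFormat is not Unspecified")
    # Assumption: one non-empty value, so the account mapping is unambiguous
    values = [(v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS)]
    if len(values) != 1 or not values[0]:
        problems.append("FED_ID must carry exactly one non-empty value")
    return problems

if __name__ == "__main__":
    print(check_assertion(SAMPLE_OK) or "matches steps 3 and 4")
```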