Objective
- ANCILE uAlign can provide single sign-on (SSO) capabilities through an Identity Provider (IdP) that supports Security Assertion Markup Language 2.0 (SAML).
- Once single sign-on is enabled, the administrator can choose whether or not uAlign will continue allowing users to authenticate using uAlign's standard form-based authentication.
Environment
- Product: ANCILE uAlign
Prerequisites
- Administrator access to uAlign
- An Identity Provider (IdP) that supports Security Assertion Markup Language 2.0 (SAML)
- Your Identity Provider (IdP) must be configured to include the user's email address as an attribute named User.email in the SAML response.
- The target URL for your Identity Provider (IdP) where uAlign sends the SAML request during login.
- The public authentication certificate issued by your Identity Provider (IdP).
- Optional: The target URL to direct the user when logging out of uAlign. If no URL is provided, the user will be redirected to a uAlign general logged out page.
- Optional: The URL of the page users should be directed to if an error occurs with the SAML Provider. It must be a publicly accessible page.
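To confirm the User.email prerequisite before enabling SSO, the following added example (not ANCILE's code) decodes a base64 SAMLResponse captured from a test login against your IdP and checks that the attribute is present with a single email value. The sample response and the function names are constructed for illustration, and the script is a diagnostic only: it does not verify the response signature.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
REQUIRED_ATTR = "User.email"  # attribute name required by the prerequisites above


def check_email_attribute(saml_response_b64):
    """Return (ok, detail) for a base64 SAMLResponse from a test login.

    Inspects attribute names and values only; no signature verification.
    """
    try:
        root = ET.fromstring(base64.b64decode(saml_response_b64))
    except (ValueError, ET.ParseError) as exc:
        return False, f"not a decodable SAML response: {exc}"
    attrs = root.findall(".//saml:AttributeStatement/saml:Attribute", NS)
    if not attrs:
        # Also the result when the IdP sends an EncryptedAssertion.
        return False, "no unencrypted AttributeStatement found"
    names = [a.get("Name") for a in attrs]
    for attr in attrs:
        if attr.get("Name") != REQUIRED_ATTR:
            continue
        values = [(v.text or "").strip()
                  for v in attr.findall("saml:AttributeValue", NS)]
        values = [v for v in values if v]
        if len(values) != 1 or "@" not in values[0]:
            return False, f"{REQUIRED_ATTR} present but values are {values!r}"
        return True, values[0]
    # Help spot a near miss: an email-like attribute under a different name.
    near = [n for n in names if n and "mail" in n.lower()]
    return False, f"{REQUIRED_ATTR} missing; attributes sent: {near or names}"


def _sample(attr_name):
    """Constructed, unsigned SAML response carrying one attribute."""
    xml = (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion>'
        f'<saml:AttributeStatement><saml:Attribute Name="{attr_name}">'
        '<saml:AttributeValue>jane.doe@example.com</saml:AttributeValue>'
        '</saml:Attribute></saml:AttributeStatement></saml:Assertion>'
        '</samlp:Response>')
    return base64.b64encode(xml.encode()).decode()


if __name__ == "__main__":
    print(check_email_attribute(_sample("User.email")))
    print(check_email_attribute(_sample("user.Email")))
```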
Procedure
- Log into uAlign and click the Settings icon in the upper right.
- Click Organization.
- Click the Edit (pencil) icon on the far right of your organization.
- Click the Enable SAML 2.0 Authentication check box.
- Optionally, click the Allow ANCILE uAlign Form-based Authentication check box. Enabling this option will allow users to log on using their uAlign credentials.
- Select the desired SAML Token Unique Identifier format. This is the attribute that contains the user's email address.
- Enter the Identity Provider SAML Target URL.
- Obtain the Public Certificate from the Identity Provider (IdP), copy the certificate value and paste it into the Identity Provider Public Certificate field.
- Optionally, enter the Identity Provider Logout URL. A user will be redirected to this URL when logging out of uAlign. If no URL is provided, the user will be redirected to a uAlign general logged out page.
- Optionally, enter the Identity Provider Error URL. A user will be redirected to this URL if an error occurs with the SAML Provider.
- Click Save.
Additional Information
- Refer to the documentation supplied by your Identity Provider (IdP).