This article describes how to configure a SAML provider.
If you are using Okta, look here.
If you are using G Suite, read here first.
If you are using Azure, read here first.
If you are using ADFS, read here.
Currently, the platform supports G Suite, Okta, Azure, ADFS and configuring your own custom SAML provider. This can be an existing solution like Centrify, or a company-specific solution. Siemplify supports a wide variety of authentication options provided by SAML, including 2-factor authentication (2FA).
The Siemplify application uses the default STS (security token service) of .NET Core. Siemplify uses that library for token authentication against the identity provider, and uses only the nameID property from the tokens.
The following steps should be taken to configure the provider:
- Configure SAML Provider
- Configure Users and invite them to Siemplify
For the purposes of this article, we will use G Suite as an example of a custom provider.
Configure SAML Provider
To configure the SAML Provider:
- Navigate to Settings > Advanced > External Authentication.
- Select G Suite.
- Fill out the following fields.
| Field | Description |
|---|---|
| Provider name | Add in the name of the provider. Note that the system will automatically have G Suite and Okta populated. |
| IDP Metadata | The IDP Metadata is SAML metadata and is used to share configuration information between the Identity Provider (IdP) and the Service Provider (SP). Note that if you use a certificate, the `WantAuthnRequestsSigned` value in the XML should be `true`. If you are not using a certificate, set it to `false`. |
| Identifier | URL of the provider. |
| Audience URI (SP Entity ID) | Siemplify server name. Can be either an IP URL, Host Name URL or Local Host URL. Note that users have to connect to Siemplify with the same URL pattern configured in this field in order to log in with SAML. |
| Provider public certificate | The certificate is optional. It can be uploaded as necessary for custom providers. |
- Click Save in the top right corner.
- Restart the Siemplify server for the configuration to take effect.
- Click Test in order to make sure the connection is working as expected.
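A pre-flight check for the IDP Metadata and Audience URI fields described above, as an added example that is not part of the Siemplify product or its documentation: it parses the metadata XML, compares `WantAuthnRequestsSigned` with whether a provider certificate is being uploaded, and checks that a login URL uses the same host as the Audience URI. The function names, the sample metadata and the reading of "same URL pattern" as "same host" are assumptions of this example.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD_NS = "{urn:oasis:names:tc:SAML:2.0:metadata}"

# Constructed sample: hypothetical IdP metadata that does not ask for
# signed authentication requests.
SAMPLE_METADATA = """\
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://idp.example.com/saml">
  <md:IDPSSODescriptor WantAuthnRequestsSigned="false"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.com/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def check_idp_metadata(xml_text, certificate_uploaded):
    """Return a list of mismatches between the metadata and the form."""
    root = ET.fromstring(xml_text)
    # iter() also matches the root, so a bare IDPSSODescriptor works too.
    idp = next(root.iter(MD_NS + "IDPSSODescriptor"), None)
    if idp is None:
        return ["no IDPSSODescriptor element: this is not IdP metadata"]
    # xs:boolean accepts true/false/1/0; an absent attribute means false.
    raw = idp.get("WantAuthnRequestsSigned", "false").strip().lower()
    wants_signed = raw in ("true", "1")
    problems = []
    if wants_signed != certificate_uploaded:
        problems.append(
            "WantAuthnRequestsSigned is %r but certificate_uploaded is %r"
            % (raw, certificate_uploaded))
    return problems


def same_host(audience_uri, browser_url):
    """True when both URLs name the same host (IP, host name or localhost)."""
    audience_host = urlsplit(audience_uri).hostname
    return audience_host is not None and audience_host == urlsplit(browser_url).hostname


if __name__ == "__main__":
    for problem in check_idp_metadata(SAMPLE_METADATA, certificate_uploaded=True):
        print("metadata:", problem)
    # Constructed URLs: Audience URI uses a host name, the user browses by IP.
    print(same_host("https://siemplify.example.local", "https://10.0.0.5/"))
```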
The next stage is to add users that can access Siemplify through the new SAML provider that you just created.
To add and configure users:
- Navigate to Settings > Authentication > User Management.
- Click the + icon on the top right.
- Fill out the fields, making sure to choose G Suite Provider in the User Type field.
- Click Add when done. The user will appear in the list of Users with the G Suite icon to the left.
- Repeat for any users you need.
- Click the Send Invitation envelope to invite the user to sign into Siemplify.
Change SAML Providers
To change SAML providers in the Siemplify platform (Admin only):
- Disable users that are using the previous SAML Provider.
- Navigate to Settings > Organization > User Management.
- Select a user in the list that has the relevant SAML provider icon next to them.
- Click on the Edit icon and select the checkbox to Disable the user account.
- Repeat for all Users with custom SAML provider authentication.
- Change the SAML provider in Settings > Advanced > External Authentication.
- Return to Settings > Organization > User Management.
- Create new users, making sure to select the new SAML provider in the User Type drop-down field.
- After creating a new user, make sure to send them an invitation to Siemplify with the Send Invitation link. The invitation will appear in the user’s mailbox and will look as follows: