Step 2 – Creating the Connection
Click Identity Providers in the purple navigation pane.
Click Add New.
Type in a name for the connection, the domain name you used during domain verification, and leave the protocol to SAML 2.0, and click Continue. You should see a screen similar below.
Here you need to type in the Entity ID, Login and Logout URLs, and the IdP Public Certificate. You can obtain this information from your Identity Provider.
Also on this page are options for Account Policy and Attributes.
Manage User Profile – If active, user profiles will be created upon the first login and will update with every subsequent login. If disabled, users’ app access must be handled manually.
Roles Mapping – If active, users’ roles will be validated based on the groups mapped in the Role Mapping area. If disabled, users’ roles are managed manually.
Attributes are pieces of information such as First Name, Last Name, Email Address, Phone Number, etc that we will need from your Identity Provider. We recommend adding attributes for first and last name, group name, phone number, username(email address), and Card ID.
To add an attribute, click Add Attribute.
Label – Type in a display name (Ex. Email Address)
Actual attribute name in SAML response – This is the actual name of the attribute within your Identity Provider. You may need to research your provider for details on obtaining this.
User Attribute Mapping – Select the corresponding label here (For email address select Username)
Skip if Blank – Use if some users may have blank info for the specific attribute. An example would be phone number; not all users may have a phone number so we need to be able to skip that information if needed.
Click Save when you are done.