The Instilled platform supports many different methods of authenticating users, one of which is Single Sign On (SSO). This document highlights the use of SSO and the different methods available within Instilled.
The most common form of SSO is called SAML 2.0 (Security Assertion Markup Language). For an in-depth description of the technicalities around SAML, please visit this site.
This article describes what information is required by both the customer (the Identity provider or IdP) and Instilled (the service provider or SP) to configure SAML integration between customer applications and the Instilled Platform.
No, but Assertion transmission is ALWAYS sent over SSL.
Required information from customer:
- Metadata File: Customer will provide Identity Provider (IdP) metadata file in XML format
- Certificate: Signed SSL certificate, if not included in the metadata
- Required Attributes: SAML Assertion from customer MUST contain the following required attributes:
  - Unique user identifier provided by IdP
  - Email address for user
  - Given name of user
  - Surname of user
- Auto-provision Group (not required): User group on the Instilled platform in which auto-provisioned users should be placed.
Provided to the customer:
- Metadata File: Instilled will provide a Service Provider (SP) metadata file in XML format to the customer, which will include the SSL certificate.
The Instilled team is happy to help the customer configure SAML SSO. The customer can also configure this themselves within the interface by going to Platform Settings -> Authentication Tab and creating a new SAML Configuration.