|Working with SAML|
IBM Aspera Faspex supports Security Assertion Markup Language (SAML) 2.0, an XML-based standard that allows secure web domains to exchange user authentication and authorization data. With the SAML model, you can configure Faspex as a SAML online service provider (SP) that contacts a separate online identity provider (IdP) to authenticate users. Authenticated users can then use Faspex to access secure content.
With SAML enabled, Faspex redirects a user to the IdP sign-on URL. The user signs in with the IdP and the IdP sends a SAML assertion back to Faspex, which grants the user access to Faspex. When a SAML user logs in to Faspex for the first time, Faspex automatically creates a new user account based on the information provided by the SAML response. Any changes subsequently made to the account on the DS server are not automatically picked up by Faspex. For more information about user provisioning for SAML users, see User Accounts Provisioned by Just-In-Time (JIT) Provisioning.
To use SAML with Faspex, you must already have an identity provider (IdP) that meets the following requirements:
In the following example,
East Department and West Department are the names of two SAML configurations.
If users need to access a SAML IdP that is not the default IdP, users can use domain URLs to directly access a SAML configuration.
Users also have the option of bypassing the SAML redirect and logging into Faspex from the local login page. For more information, see Bypassing the SAML Redirect.