- In Faspex, go to Server > Authentication > SAML Integration.
- Optional: Import a SAML IdP's metadata to auto-populate the fields for SSO URL, fingerprint, and certificate. You can import from a URL, from a saved file, or from pasted text. Click Import Settings From Metadata URL.
- Enter a name for your configuration in the Name field. This name is used by Faspex to differentiate between multiple SAML configurations.
- Optional: Configure the following SAML options.
  - Publicly Visible: Determines whether Faspex allows users to choose this IdP as an option from the local login page.
  - Public Login Instructions field: Displays a description of the IdP and instructions on how to log in.
  - Restrict access to known groups: Prevents SAML users that are not members of existing Faspex SAML groups from logging into this IdP.
  - Default SAML Configuration: Determines if accessing the Faspex URL redirects to this IdP or the local Faspex login page.
  - Domain URL: Directs users to this IdP when they access this alternate URL. For more information, see Configuring a Domain URL for SAML.
  For more information on these options, see Configure SAML Options.
  If you chose to import a metadata file, the SSO target URL, Name ID Format, Fingerprint, and Certificate fields have already been auto-populated with information.
- In the SSO target URL field, enter your IdP Single Sign-On URL.
- Choose the Name ID Format used to authenticate with the SAML IdP.
  The Name ID format must match the format used with your IdP. Faspex supports the following formats: Unspecified, Transient, Persistent, or Email Address. When set to Unspecified, any Name ID format returned by the IdP is accepted.
- Enter the IdP Fingerprint or Certificate. Only one of these two fields is required to authenticate with the SAML IdP.
- Optional: In the Allowable clock drift field, configure the milliseconds allowed for clock drift between Faspex and the SAML IdP.
- Configure the default profile fields. These fields must map to attributes in your SAML IdP's SAML response. Enter the SAML Name for each of the required fields: username, email, first_name, and last_name.
  Important: Once you set the value for username, do not change it. If username is changed, existing SAML users can no longer log into their existing Faspex accounts, but are instead given new accounts with new usernames.
- Optional: Configure local custom profile fields.
  These are custom user attributes that only apply to this IdP. Name is the name of the attribute displayed in Faspex. SAML Name is the name of the attribute as configured in the IdP. To add a field, click Add Local Profile Field. For more information, see Setting Up Custom SAML Fields.
  Note: If you've configured custom attributes (Server > User Profile), these fields show up as Global Custom Profile Fields that, if required, you must map to valid SAML names. For more information about custom attributes, see Configuring Custom User Fields.
- Click Create SAML Configuration.
  After creating a new SAML configuration, Faspex redirects you to the SAML Configurations page and displays the existing SAML configurations.

Users can now access Faspex through SAML instead of going through the local login page. For information about bypassing the SAML redirect, see Bypassing the SAML Redirect.