In Faspex, go to Server > Authentication > SAML.
Import a SAML IdP's metadata to auto-populate the fields for SSO URL,
fingerprint, and certificate. You can import from a URL, from a saved file, or
from pasted text. Click Import Settings From Metadata.
Enter a name for your configuration in the Name field.
This name is used by Faspex to differentiate between multiple SAML
Configure the following SAML options.
- Publicly Visible: Determines whether Faspex
allows users to choose this IdP as an option from the local login
- Public Login Instructions field: Displays a
description of the IdP and instructions on how to log in.
- Restrict access to known groups: Prevents SAML
users that are not members of existing Faspex SAML groups from logging
into this IdP.
- Default SAML Configuration: Determines if
accessing the Faspex URL redirects to this IdP or the local Faspex login
- Domain URL: Directs users to this IdP when they
access this alternate URL. For more information, see Configuring a Domain URL for SAML.
For more information on these options, see Configure SAML Options.
If you chose to import a metadata file, the SSO target URL, Name ID Format,
Fingerprint, and Certificate fields have already been auto-populated with
information.
In the SSO target URL field, enter your IdP Single
Choose the Name ID Format used to authenticate with the
The Name ID format must match the format used with your IdP. Faspex supports
the following formats: Unspecified,
Transient, Persistent, or
Email Address. When set to
Unspecified, any Name ID format returned by the IdP
Enter the IdP Fingerprint or
Certificate. Only one of these two fields is required
to authenticate with the SAML IdP.
In the Allowable clock drift field, configure the number of
milliseconds allowed for clock drift between Faspex and the SAML IdP.
Configure the default profile fields. These fields must map to attributes in
your SAML IdP's SAML response. Enter the SAML Name for
each of the required fields: username, email, first_name,
Important: Once you set the value for username, do not change
it. If username is changed, existing SAML users can no longer log
into their existing Faspex accounts, but are instead given new accounts with
Configure local custom profile fields.
These are custom user attributes that only apply to this IdP.
is the name of the attribute displayed in
Faspex. SAML Name
is the name of the attribute as
configured in the IdP. To add a field, click Add Local Profile
. For more information, see Setting Up Custom SAML Fields
If you've configured custom attributes (Server > User
), these fields show up as Global Custom Profile
Fields that, if required, you must map to valid SAML names. For more
information about custom attributes, see Configuring Custom User Fields
Click Create SAML Configuration.
After creating a new SAML configuration, Faspex redirects you to the SAML
Configurations page and displays the existing SAML configurations.
Users can now access Faspex through SAML instead of going through the local login
page. For information about bypassing the SAML redirect, see Bypassing the SAML Redirect.