IBM Aspera Faspex on Demand supports Security Assertion Markup Language (SAML) 2.0, an open, XML-based standard that allows secure web domains to exchange user authentication and authorization data. With the SAML model, you can configure the Faspex on Demand web application as a SAML "online service provider" (SP) that contacts a separate online "identity provider" (IdP) to authenticate users who will use Faspex on Demand to access secure content.
With SAML enabled and configured, a user logging into Faspex on Demand is redirected to the IdP sign-on URL. If the user has already signed in with the IdP, the IdP sends a SAML assertion back to Faspex on Demand. The user is now logged into Faspex on Demand.
When SAML is enabled, Faspex on Demand creates a user account based on the information provided by a SAML response, and therefore the Faspex on Demand user account does not need to be created manually. However, any changes to the account that are made on the DS server are not picked up by SAML.
These instructions assume you are already familiar with SAML and already have an identity provider (IdP) -- either third-party or internal -- that meets the following requirements:
Please refer to Configuring SAML for instructions on how to enable SAML authentication in Faspex on Demand.
Please refer to Setting Up Custom SAML Fields for instructions on how to set up custom SAML fields in Faspex on Demand.
Please refer to Configuring Your Identity Provider (IdP) for information on setting up an identity provider for Faspex on Demand.
Please refer to Creating SAML Groups for instructions on how to set up SAML groups in Faspex on Demand.
Please refer to User Accounts Being Provisioned by SAML Just-In-Time (JIT) Provisioning for information on SAML Just-In-Time (JIT) Provisioning for Faspex on Demand.