Configuring Your Identity Provider (IdP)

IdP Requirements

To use SAML with Orchestrator, you must already have an identity provider (IdP) that meets the following requirements:

IdP Metadata Formats

You must configure formats to set up your IdP to work with Orchestrator:

If the IdP is capable of reading SAML XML metadata for a service provider, you can upload a saved XML metadata file to configure the IdP. You can retrieve the XML metadata for an existing Orchestrator by going to and saving the XML as an XML file.

SAML Assertion Requirements

Orchestrator expects the assertion from an IdP to contain the following elements:

| Default Attribute | Orchestrator User Field | Required |
| --- | --- | --- |
| NameID / SAML_SUBJECT | Username | Yes, with the format: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified |
| email | Email address | Yes |
| given_name | First name | |
| surname | Last name | Optional |
| member_of | SAML group | Necessary for SAML groups |
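
The following is an added example, not part of the Orchestrator documentation: a Python check that a decoded assertion captured from your IdP carries the elements listed above before you rely on it for login. It assumes the SAML 2.0 assertion namespace and that the IdP sends the default attribute names as the Attribute Name value; the function name check_assertion and the sample assertion are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}  # assumption: SAML 2.0
NAMEID_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
# Default attribute name -> Orchestrator user field (from the table above).
FIELD_MAP = {"email": "Email address", "given_name": "First name",
             "surname": "Last name", "member_of": "SAML group"}

def check_assertion(xml_text):
    """Return (mapped_fields, problems) for one SAML assertion.

    Presence checks only: no signature, issuer, audience or validity
    verification, so this is a configuration aid, not an auth decision.
    """
    root = ET.fromstring(xml_text)
    is_assertion = root.tag == "{%s}Assertion" % NS["saml"]
    # Accept either a bare Assertion or one wrapped in a Response.
    assertion = root if is_assertion else root.find(".//saml:Assertion", NS)
    if assertion is None:
        return {}, ["no saml:Assertion element found"]
    fields, problems = {}, []
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        problems.append("missing NameID (Username)")
    else:
        fields["Username"] = name_id.text.strip()
        if name_id.get("Format") != NAMEID_FORMAT:
            problems.append("NameID Format is %r, expected %s" % (name_id.get("Format"), NAMEID_FORMAT))
    for attr in assertion.findall("saml:AttributeStatement/saml:Attribute", NS):
        field = FIELD_MAP.get(attr.get("Name"))
        values = [v.text.strip() for v in attr.findall("saml:AttributeValue", NS) if v.text and v.text.strip()]
        if field and values:
            # member_of may carry several groups; other fields are single-valued.
            fields[field] = values if field == "SAML group" else values[0]
    if "Email address" not in fields:
        problems.append("missing required attribute 'email'")
    if "SAML group" not in fields:
        problems.append("no member_of attribute (necessary for SAML groups)")
    return fields, problems

# Constructed sample assertion (unsigned, for illustration only).
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject><saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">jdoe</saml:NameID></saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="email"><saml:AttributeValue>jdoe@example.com</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="member_of"><saml:AttributeValue>netops</saml:AttributeValue><saml:AttributeValue>admins</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

if __name__ == "__main__":
    print(check_assertion(SAMPLE))
```

Run it against an assertion exported from a test login; an empty problems list means the NameID format and required attributes match the table.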