Working with SAML
To use SAML with Orchestrator, you must already have an identity provider (IdP) that meets the following requirements:
If the IdP can read SAML XML metadata for a service provider, you can upload a saved XML metadata file to configure the IdP. You can retrieve the XML metadata for an existing Orchestrator by going to and saving the output as an XML file.
Orchestrator expects the assertion from an IdP to contain the following elements:
| Default Attribute | Orchestrator User Field | Required |
|---|---|---|
| NameID / SAML_SUBJECT | Username | Yes, with the format: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified |
| | Email address | Yes |
| given_name | First name | |
| surname | Last name | Optional |
| member_of | SAML group | Necessary for SAML groups |
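The check below is an added example, not code from the Orchestrator product or its documentation: it maps a constructed SAML 2.0 assertion onto the user fields in the table above and reports which required elements are missing or malformed. The page does not name the attribute that carries the email address, so `EMAIL_ATTR` is a placeholder assumption; the sample assertion is constructed for illustration.

```python
import xml.etree.ElementTree as ET
NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
NAMEID_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
EMAIL_ATTR = "email_address"  # placeholder: the page does not name this attribute
# Attribute name -> Orchestrator user field, from the table above.
ATTR_MAP = {EMAIL_ATTR: "email", "given_name": "first_name",
            "surname": "last_name", "member_of": "groups"}

def map_assertion(xml_text):
    """Return (user, problems) for one assertion; 'problems' is empty when
    every required element in the table is present in the expected form.
    XML signature verification is not done here and must come first."""
    root = ET.fromstring(xml_text)
    assertion = root if root.tag.endswith("}Assertion") else root.find(".//saml:Assertion", NS)
    if assertion is None:
        return {}, ["no Assertion element found"]
    user, problems = {"groups": []}, []
    # Username comes from Subject/NameID and must use the unspecified format.
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        problems.append("NameID (username) is missing")
    else:
        user["username"] = name_id.text.strip()
        if name_id.get("Format") != NAMEID_FORMAT:
            problems.append(f"NameID Format {name_id.get('Format')!r} is not {NAMEID_FORMAT!r}")
    # The other fields come from AttributeStatement; member_of may carry several values.
    for attr in assertion.findall("saml:AttributeStatement/saml:Attribute", NS):
        field = ATTR_MAP.get(attr.get("Name"))
        values = [v.text.strip() for v in attr.findall("saml:AttributeValue", NS) if v.text]
        if field is None or not values:
            continue
        if field == "groups":
            user["groups"].extend(values)
        else:
            user[field] = values[0]
    if "email" not in user:
        problems.append(f"required attribute {EMAIL_ATTR!r} is missing")
    return user, problems

# Constructed assertion for illustration, not a real IdP response.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
 <saml:Subject><saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">jdoe</saml:NameID></saml:Subject>
 <saml:AttributeStatement>
  <saml:Attribute Name="email_address"><saml:AttributeValue>jdoe@example.com</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="given_name"><saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="surname"><saml:AttributeValue>Doe</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="member_of"><saml:AttributeValue>sp-admins</saml:AttributeValue><saml:AttributeValue>sp-viewers</saml:AttributeValue></saml:Attribute>
 </saml:AttributeStatement></saml:Assertion>"""
```

Running `map_assertion(SAMPLE)` yields a user with username `jdoe`, both group values and no problems; removing the `Format` attribute from `NameID` or renaming the email attribute produces a problem entry for that row of the table.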