Enabled: A configuration must be enabled in order to be used. Checked.
Allow customers to see and use this SAML configuration: Allows customers to use this configuration. Checked.
Entity ID: A unique identifier for your service provider. We recommend using your domain to ensure uniqueness. For example: yourdomain.edspirit.com
Domain: The domain the configuration belongs to. By default there will be one option available for your domain. If you configure an external domain, you have the option to select your external domain.
Private Key: Service provider private key. You can find the key on your Identity server.
Public Certificate: Service provider public certificate. You can find the key on your Identity server.
Enabled: The IdP must be enabled to be used.
Secondary: By default, SAML login options are displayed at the bottom of the login and registration pages. If this option is checked, the option is displayed above the login and registration forms, designated as Universities.
Visible: Visibility of the SAML login option.
Skip registration form: Users who log in with the SAML SSO option for the first time are presented with a registration form populated with the data from their Identity Provider. Check this option to skip this step and submit the data automatically.
Skip email verification: Users who log in with the SAML SSO option for the first time receive an activation email in order to verify and activate their account. Check this option to skip this step and automatically activate their account.
Send to registration first: Users who log in with the SAML SSO option for the first time are presented with a message on the login screen informing them that they don’t currently have an account on the organization and need to click on register (the registration form is populated with the user data from the Identity Provider). Check this option to automatically send the users to the registration form.
Note that if you check the three options above, you can create a seamless SSO login process for the user.
Icon: Choose between the two available Font Awesome Icons displayed for the SAML login option.
Name: The name displayed below the SAML login option.
Entity ID: The URI that identifies the IdP. This ID must match the value specified in the metadata XML file. (Example on Keycloak: https://accounts.pubnito.com/auth/realms)
Metadata Source: The URL of the XML file that contains this provider’s metadata. (Keycloak location: Realm settings > General tab > Endpoints > SAML 2.0 Identity Provider Metadata. For example: https://accounts.pubnito.com/auth/realms/Accounts/protocol/saml/descriptor)
IdP Slug: Must be a unique name. It appears in the related URLs.
The following are specific URN values for user attributes.
First Name Attribute: urn:oid:2.5.4.42
Last Name Attribute: urn:oid:2.5.4.4
User ID Attribute: urn:oid:1.2.840.123.1.9.1
Email Attribute: urn:oid:1.2.840.113549.1.9.1
Domain: The domain the IdP will be activated on. By default there will be one option available for your domain. If you configure an external domain, you have the option to select your external domain.
SAML Configuration: Choose the corresponding SAML configuration from step 1.