Configuring SAML service providers
This article provides an overview of how to set up Cloud Identity Plane (CIP) as an external IDP for any SAML service provider.
Prerequisites
- Administrators need to have proper entitlements to perform actions described in this article. These UI actions are mapped directly to specific user entitlements to allow fine-grained access control of these operations from the administrative panel.
Configuration overview
- Get SAML metadata from CIP IDP, including the IDP SAML metadata and the IDP certificate. For more information, read Download SAML IDP metadata.
- Register CIP as an identity provider in your SAML service provider. For more information, follow the instructions provided by your SAML service provider.
- Download the SAML metadata from an external SAML service provider. For more information, follow the instructions provided by your SAML service provider.
- Register the external SAML service provider within CIP. For more information, read Register SAML service provider.
- Verify single sign-on via either SP-initiated or IDP-initiated SSO mechanisms. For more information, read Verify SAML flow.
Note
The above workflow is the default workflow. Workflows and redirects may be modified per identity provider configuration, using advanced settings within the CIP system based on custom business requirements.
Federation Management admin UI
The CIP administrative UI application provides a user interface to manage the third-party SAML service provider agreement and mapping information.
- List service providers
- Get service provider
- Register service provider
- Update service provider
- Delete service provider
List service providers
Note
User Entitlement: ADMIN_LIST_SPS
Admin UI location: Admin dashboard » Service Providers
Get service provider
Note
Entitlement: ADMIN_GET_SP
Admin UI location: Admin dashboard » Service Providers » [Select one from the list of SPs]
Register service provider
Note
Entitlement: ADMIN_CREATE_SP
Admin UI location: Admin dashboard » Service Providers » Register Service Provider
Update service provider
Note
Entitlement: ADMIN_UPDATE_SP
Admin UI location: Admin dashboard » Service Providers » [Select an SP from the list] » Update SP
Delete service provider
Note
Entitlement: ADMIN_DELETE_SP
Admin UI location: Admin dashboard » Service Providers » [Select an SP from the list] » Delete SP