Configuring SAML service providers

This article provides an overview of how to set up Cloud Identity Plane (CIP) as an external IDP for any SAML service provider.

Prerequisites

  • Administrators need to have proper entitlements to perform actions described in this article. These UI actions are mapped directly to specific user entitlements to allow fine-grained access control of these operations from the administrative panel.

Configuration overview

  1. Get SAML metadata from CIP IDP, including the IDP SAML metadata and the IDP certificate. For more information, read Download SAML IDP metadata.

  2. Register CIP as an identity provider in your SAML service provider. For more information, follow the instructions provided by your SAML service provider.

  3. Download the SAML metadata from an external SAML service provider. For more information, follow the instructions provided by your SAML service provider.

  4. Register the external SAML service provider within CIP. For more information, read Register SAML service provider.

  5. Verify single sign-on via either SP-initiated or IDP-initiated SSO mechanisms. For more information, read Verify SAML flow.

Note

The above workflow is the default workflow. Workflows and redirects may be modified per identity provider configuration, using advanced settings within the CIP system based on custom business requirements.
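
Before registering the metadata downloaded in step 3, it helps to review what the service provider actually declares. The following is an added example, not part of the CIP product or its documentation: it parses SAML 2.0 SP metadata and flags settings worth checking. The sample metadata, the host sp.example.test and the function name review_sp_metadata are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample SP metadata (not from any real service provider).
SAMPLE_SP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://sp.example.test/saml">
  <md:SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>CONSTRUCTED-PLACEHOLDER-CERT</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:AssertionConsumerService index="0" isDefault="true" Location="https://sp.example.test/saml/acs"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
    <md:AssertionConsumerService index="1" Location="http://sp.example.test/saml/acs-legacy"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def review_sp_metadata(xml_text):
    """Return (summary, findings) for one SP EntityDescriptor."""
    # SP metadata is third-party input: in production, parse it with a hardened
    # parser such as defusedxml instead of the standard library.
    root = ET.fromstring(xml_text)
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        raise ValueError("no SPSSODescriptor: this is not SP metadata")
    is_true = lambda v: v in ("true", "1")  # xsd:boolean spellings of true
    acs = [(a.get("index"), a.get("Binding", "").rsplit(":", 1)[-1], a.get("Location", ""))
           for a in sp.findall("md:AssertionConsumerService", NS)]
    signing = [k for k in sp.findall("md:KeyDescriptor", NS)
               if k.get("use") in (None, "signing")
               and k.find(".//ds:X509Certificate", NS) is not None]
    summary = {"entity_id": root.get("entityID"), "acs": acs,
               "signing_certs": len(signing),
               "authn_requests_signed": is_true(sp.get("AuthnRequestsSigned")),
               "want_assertions_signed": is_true(sp.get("WantAssertionsSigned"))}
    findings = [f"ACS index {i} is not HTTPS: {loc}"
                for i, _, loc in acs if urlparse(loc).scheme != "https"]
    if not acs:
        findings.append("no AssertionConsumerService endpoint declared")
    if not summary["want_assertions_signed"]:
        findings.append("WantAssertionsSigned is not set: confirm what gets signed")
    if summary["authn_requests_signed"] and not signing:
        findings.append("SP signs AuthnRequests but publishes no signing certificate")
    return summary, findings
```
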

Federation Management admin UI

The CIP administrative UI application provides a user interface to manage the third-party SAML service provider agreement and mapping information.

  • List service providers

  • Get service provider

  • Register service provider

  • Update service provider

  • Delete service provider

List service providers

Note

User Entitlement: ADMIN_LIST_SPS

Admin UI location: Admin dashboard » Service Providers

List External SP for Organization

Get service provider

Note

Entitlement: ADMIN_GET_SP

Admin UI location: Admin dashboard » Service Providers » [Select one from the list of SPs]

Get External SP Configuration for Organization

Register service provider

Note

Entitlement: ADMIN_CREATE_SP

Admin UI location: Admin dashboard » Service Providers » Register Service Provider

Register External SP Configuration for Organization

Update service provider

Note

Entitlement: ADMIN_UPDATE_SP

Admin UI location: Admin dashboard » Service Providers » [Select an SP from the list] » Update SP

Update External SP Configuration for Organization

Delete service provider

Note

Entitlement: ADMIN_DELETE_SP

Admin UI location: Admin dashboard » Service Providers » [Select an SP from the list] » Delete SP

Delete External IDP Configuration for Organization