How do I implement SAML?

Ensighten now offers you the capability to provide secure access to your internal corporate resources with SAML (security assertion markup language) authentication.

To set up SAML authentication, you must belong to a role that has manage permission to System Security.

In Manage, navigate to System Security. Toggle to enable or disable SAML authentication. The toggle indicator turns green when SAML authentication is enabled.

When you first apply SAML authentication:

1. Toggle the indicator to ON. 

   The first time you toggle to ON, Manage makes request to create your Postbinding URL.

2. The SAML POST binding URL and audience URI appear. Provide these values to your organization's IT department to generate the SAML metadata document from your identity provider.

   If the Postbinding URL is not available, then check back in a minute or two as there might be a slight delay in the creation of your URL.

3. The generated metadata document is either hosted at a URL or available for download. Choose an Identity Provider Source (IdP):
   • IdP metadata endpoint URL.  Type the URL where the metadata document is hosted.

     This is the preferred method because configuration updates are automatically retrieved.

      
   • IdP metadata XML File. Click Choose File to locate and select the metadata file you downloaded.

     You must update the XML file each time there is a configuration change.

4. Click SAVE.

Once activated, users attempting to log in to an Ensighten product must log in to your organization's authentication system before gaining access to Ensighten.

With SAML enabled, previously enabled Multi-Factor Authentication is automatically disabled. If you choose to disable SAML authentication you must specifically re-enable MFA.

Frequently Asked Questions

How does SAML authentication work? SAML is an XML-based framework that provides communication between two entities, a service provider and an identity provider. Very simply, The user's identity is transferred from the identity provider (your organization) to the service provider (Ensighten) through an exchange of digitally signed XML documents.