Redirecting Service Provider Initiated Logons for SAML Integration

You can configure Service Provider (SP) logons initiated from the Web Console to automatically redirect users to the Identity Provider (IdP). If multiple IdPs are available, users choose which IdP validates their credentials.

To create a direct link to the IdP to use on your company portal, create the URL for the SP-initiated link as explained in Creating URLs for SAML Interactions.

Before You Begin

Configure the provider metadata. For information on configuring metadata, see Configuring Provider Metadata.

Procedure

  1. From the CommCell Console ribbon, click the Home tab, and then click Control Panel.
  2. Under CommCell, click Identity Management.

    The Identity Management dialog box appears.

  3. On the Identity Management tab, select the SAML application, and then click Edit.
  4. On the SAML tab, select from the following options:
    • To have users and user groups select from a list of SAML IdPs when they log on, select the Enter User Name and Press Tab for IDP Redirection check box, and then on the Association tab, select the users and user groups this applies to.
    • To have users automatically redirected to the Identity Provider (IdP) when they access the URL defined in the Entity ID > Web Console box, select the Auto Redirect to IDP check box.

      Note: If the Enter User Name and Press Tab for IDP Redirection check box and the Auto Redirect to IDP check box are both selected, the following behavior occurs:

      • When users access the URL defined in the Entity ID > Web Console box, the Auto Redirect to IDP option takes precedence.
      • If users access a URL other than the URL defined in the Entity ID > Web Console box (such as an alias for the Web Console URL), the Enter User Name and Press Tab for IDP Redirection option takes precedence.
  5. On the Association tab, select the users to automatically redirect to the IdP.

Result

  • Enter User Name and Press Tab for IDP Redirection:
    • When a user accesses an SP Web Console and is not logged on, the user enters a user name or an email address and tabs out of the field to be redirected to the IdP to log on. If the user is associated with multiple IdPs, a list of the IdPs is displayed so that the user can choose where to validate his or her credentials.
    • When a user accesses an SP Command Center, the logon session is redirected to the Web Console, and the logon continues as described for the SP Web Console.
  • Auto Redirect to IDP: When a user accesses an SP Web Console or Command Center and is not logged on, the user is automatically redirected to the Identity Provider (IdP).

After the user logs on, the user is returned to the SP Web Console or the SP Command Center.

Related Topics

Redirecting the Identity Provider Initiated Logons for SAML Integration

Last modified: 12/26/2018 3:46:06 PM