After retrieving the IdP metadata, create a SAML app in the Command Center using the IdP metadata file that you saved.
Log on to the Command Center.
From the navigation pane, go to Manage > Security > Identity server.
The Identity servers page appears.
In the upper-right corner of the page, click Add.
The Add domain dialog box appears.
In the Name box, enter the domain name that you want to associate users with.
The SAML application is created using the domain name.
If you want to add a SAML application for the users of the Active Directory (AD) that is configured in the CommCell environment, then enter the AD NetBIOS name. During the SAML authentication, AD is contacted to collect the user details such as email address, UPN, Full Name, User Group, and so on.
In the Email Suffix box, enter the email suffix of the users.
For example, if the username is firstname.lastname@example.org, then the email suffix is example.org.
You can enter multiple email suffixes separated by a comma.
Only users whose email address ends with one of the specified suffixes can log on using this app.
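The email suffix rule described in the preceding steps, shown as an added example that is not Commvault's code: it parses the comma-separated value of the Email Suffix box and decides whether a given user address is covered. The matching rules are assumptions about how a careful implementation should behave (case-insensitive, whole domain labels only, subdomains of a listed suffix accepted), not the product's own logic; the addresses used are constructed.

```python
# Added example, not the product's own code. It models the "Email Suffix"
# restriction: several suffixes separated by a comma, and only users whose
# email domain matches one of them may log on through the SAML app.
from __future__ import annotations

from typing import Optional, Set


def parse_email_suffixes(raw: str) -> Set[str]:
    """Split the Email Suffix box value into a normalised set of domains.

    Surrounding whitespace is ignored, a leading '@' is tolerated, and entries
    are lower-cased because DNS names are case-insensitive (assumed rules).
    """
    suffixes = set()
    for entry in raw.split(","):
        entry = entry.strip().lstrip("@").lower()
        if entry:
            suffixes.add(entry)
    return suffixes


def email_domain(email: str) -> Optional[str]:
    """Return the lower-cased domain of an address, or None if it is malformed.

    Exactly one '@' is required, so 'a@example.org@evil.test' is rejected
    rather than matched on whichever part happens to look right.
    """
    if email.count("@") != 1:
        return None
    local, domain = email.split("@")
    if not local or not domain:
        return None
    return domain.lower()


def is_allowed(email: str, suffixes: Set[str]) -> bool:
    """True when the domain equals a suffix or is a subdomain of one.

    The comparison works on whole labels: 'notexample.org' does not match the
    suffix 'example.org', which a plain endswith() on the raw string would
    wrongly accept. Treating subdomains as covered is an assumption here.
    """
    domain = email_domain(email)
    if domain is None:
        return False
    return any(domain == s or domain.endswith("." + s) for s in suffixes)


if __name__ == "__main__":
    # Constructed sample values for illustration.
    allowed = parse_email_suffixes("example.org, @corp.example.com")
    for addr in [
        "firstname.lastname@example.org",
        "Jane.Doe@CORP.EXAMPLE.COM",
        "mallory@notexample.org",
        "someone@example.org@evil.test",
    ]:
        print(addr, "->", "allowed" if is_allowed(addr, allowed) else "denied")
```

The point of the whole-label comparison is that a suffix check is an authorization boundary: if it were implemented as a substring or raw `endswith()` test, an identity provider account in a look-alike domain would satisfy it.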
In the Upload IDP metadata box, browse to the XML file that contains the IdP metadata, and then click Open.
Review the value in the Webconsole url box.
This value is automatically generated and is used in the SP metadata file. The format of the value is https://mycompany:443/webconsole.
If you are an MSP administrator creating the SAML app for a company, in the Created for company box, select the company.
If you are creating the SAML app for the entire CommCell environment or if you are a tenant administrator, a company is not needed.
To digitally sign the SAML message, move the Auto generate key for digital signing of SAML messages toggle key to the right.
The SP metadata file is generated, the IdP metadata is saved, and the identity server properties page appears.
In the upper-right corner of the page, click Download SP metadata.
The name of the file that is downloaded begins with SPMetadata.
After the SP (service provider) metadata is downloaded, place the SP metadata on the Active Directory Federation Services (AD FS) machine.
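Before handing the downloaded SPMetadata file to the AD FS side, it is worth confirming what it actually declares: the entityID, the AssertionConsumerService endpoint(s), and whether a signing certificate is published, which is what you expect when the Auto generate key for digital signing of SAML messages toggle was switched on. The following is an added example, not Commvault's code; the metadata document it parses is constructed for the example (the ACS path and certificate value are placeholders), and the expectation that ACS locations begin with the Webconsole url value is an assumption.

```python
# Added example, not the product's own code. Summarises and sanity-checks a
# downloaded SPMetadata*.xml file. xml.etree is adequate here because the file
# was generated by your own Command Center; for XML from an untrusted source
# prefer a hardened parser such as defusedxml.
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed sample SP metadata; the ACS path and certificate are placeholders.
SAMPLE_SP_METADATA = """<?xml version="1.0" encoding="UTF-8"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://mycompany:443/webconsole">
  <md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>PLACEHOLDER_BASE64_CERTIFICATE</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:AssertionConsumerService index="0" isDefault="true"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://mycompany:443/webconsole/ACS_PATH_PLACEHOLDER"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""


def summarize_sp_metadata(xml_text: str) -> dict:
    """Extract the fields an AD FS administrator will need from SP metadata."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}EntityDescriptor" % NS["md"]:
        raise ValueError("root element is not a SAML EntityDescriptor")
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        raise ValueError("no SPSSODescriptor: this is not service-provider metadata")

    acs = [(e.get("Binding"), e.get("Location"))
           for e in sp.findall("md:AssertionConsumerService", NS)]

    # A KeyDescriptor with no 'use' attribute is valid for both signing and
    # encryption, so count it as a signing key as well.
    certs = []
    for kd in sp.findall("md:KeyDescriptor", NS):
        if kd.get("use") in (None, "signing"):
            for c in kd.findall("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS):
                if c.text and c.text.strip():
                    certs.append(c.text.strip())

    return {
        "entity_id": root.get("entityID"),
        "authn_requests_signed": sp.get("AuthnRequestsSigned") == "true",
        "want_assertions_signed": sp.get("WantAssertionsSigned") == "true",
        "acs_endpoints": acs,
        "signing_certificates": certs,
    }


def check_sp_metadata(summary: dict, webconsole_url: str, signing_enabled: bool) -> list:
    """Return a list of problems (empty when the metadata looks as expected)."""
    problems = []
    if not summary["acs_endpoints"]:
        problems.append("no AssertionConsumerService endpoint declared")
    for binding, location in summary["acs_endpoints"]:
        if not (location or "").startswith("https://"):
            problems.append("ACS endpoint is not HTTPS: %r" % location)
        # Assumption: callbacks live under the Webconsole url shown in the app.
        if not (location or "").startswith(webconsole_url.rstrip("/")):
            problems.append("ACS endpoint %r is outside %s" % (location, webconsole_url))
    if signing_enabled and not summary["signing_certificates"]:
        problems.append("signing toggle was on but no signing certificate is published")
    if not summary["want_assertions_signed"]:
        problems.append("WantAssertionsSigned is not true; the SP would accept unsigned assertions")
    return problems


if __name__ == "__main__":
    summary = summarize_sp_metadata(SAMPLE_SP_METADATA)
    for key, value in summary.items():
        print("%-24s %s" % (key, value))
    issues = check_sp_metadata(summary, "https://mycompany:443/webconsole", signing_enabled=True)
    print("problems:", issues or "none")
```

Run it against the real file with `summarize_sp_metadata(open("SPMetadata....xml").read())`; an empty problem list means the entityID, HTTPS endpoints and signing key are in place before the AD FS relying-party trust is built from this file.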