SAML Authentication
Configuring SAML for Airkit Apps
This article will cover how to configure an Airkit application to use SAML Authentication. In order to set up this authentication, there are few configurations needed at the organization level.
For information on how to configure your Airkit organization to use SAML SSO, see Configuring SSO Access.
Download the SAML Metadata File
In order to configure SAML access to Airkit applications, the SAML Assertion Metadata must be generated from the Identity Provider (IdP) of choice. It will be used to share configuration credentials between the IdP and the Service Provider (SP). The IdP metadata usually contains the IdP certificate, the entity ID, the redirect URL, and the logout URL.
Uploading the SAML Metadata File
This XML file needs to be uploaded in the app, and determines which IdP should be receiving the SAML request. This is done in the Console. Select Settings from the options on the left. Then, from the submenu, select Organization to find the Authentication section. In "Manage SAML Configurations," click the Create New button.
Click on the dialog box located on the right side of the screen and manually upload the XML file, or simply drag and drop it to begin the upload instantly. Finally, press Create in order to generate the SAML configuration.
Configuring Your SAML Access
After uploading your metadata, you are able to configure properties associated with your SAML Authentication process.
User Lookup Attribute: For organization authentication, allows you to specify a different attribute to get the user's email. Some IDP's do not provide an email in the NameID attribute
Canvas only URL ACS: The ACS url for SAML apps. NOT for organization authentication.
ACS: An Assertion Consumer Service (ACS) URL has to be configured. The ACS URL is an endpoint on the service provider where the identity provider will redirect to with its authentication response.
Entity Id: An Entity ID is a globally unique name for a SAML entity, i.e., your Identity Provider (IdP) or Service Provider (SP).
Connecting Your Application with the Metadata
Next, go to your application in the studio, and go to Settings. Under the Global section, change the App Authentication Type to Secure App, and make sure the Authentication Method is set to Custom. Finally, click the dropdown under SAML and select the XML uploaded in the previous step.
Connecting the IdP to the Application
Once you have completed the content of the application, save your changes and click Publish in the top right hand corner of the studio. Be sure to copy the link that users will utilize to access their application.
This is the URL that your IdP should redirect users back to after they authenticate, and this is called something different in each IdP. Okta calls it โSingle Sign On URL,โ Auth0 calls it the โApplication Callback URL,โ and OneLogin calls it the โACS (Consumer) URL,โ to name a few examples. Please refer to the documentation and settings for your specific IdP for where to input this URL.
After publishing your application and saving the URL to the IdP, users should be redirected to authenticate before using the application.
On Authentication Success
After setting up you OAuth authentication, go to Connections Builder and click on the On Authentication Success Event.
The โOn Authentication Successโ event will run when the user is authenticated. On this event, there is the event
namespace where you can access data about the user.
Example SAML Authentication
Updated about 2 years ago