Configuring single sign-on with SAML
Configure single sign-on (SSO) between your product and your enterprise identity source.
Security Assertion Markup Language (SAML) is an XML-based open standard for exchanging identity, authentication, and authorization information between an identity provider (your enterprise SAML server) and a service provider (your product cluster).
The identity provider issues authentication assertions according to a SAML SSO profile; the service provider receives and validates these assertions before granting access.
The SSO flow can be summarized as follows:
- A user attempts to access a service in your product through a web browser.
- Your product verifies whether an authentication token is present.
- If no authentication token is present, your product redirects the request for authentication to the enterprise SAML server of the user.
- The enterprise SAML server presents a login page to the user.
- If the user logs in successfully, the SAML server redirects the user, along with the SAML response, to your product.
- Your product generates an authentication token and grants access to the service that the user requested.
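The service-provider side of the flow above (the checks your product must make on the SAML response before it issues its own authentication token) as an added example, not code from the original page or the product. It assumes the response signature has already been verified by an XML-DSig library; the issuer and audience URLs and the sample response are constructed placeholders.

```python
# Added example: service-provider checks on a SAML 2.0 Response.
# Assumption: the XML signature was verified earlier by a proper library.
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
STATUS_SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"

# Constructed sample response; all URLs and names are placeholders.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0">
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0">
    <saml:Issuer>https://idp.example.com/saml</saml:Issuer>
    <saml:Subject><saml:NameID>alice@example.com</saml:NameID></saml:Subject>
    <saml:Conditions NotBefore="2024-01-01T00:00:00Z" NotOnOrAfter="2024-01-01T00:05:00Z">
      <saml:AudienceRestriction><saml:Audience>https://product.example.com/sp</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""

def _ts(value):
    """Parse a SAML UTC timestamp such as 2024-01-01T00:00:00Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def validate_response(xml_text, expected_issuer, expected_audience, now_iso):
    """Return (subject, None) if every check passes, else (None, reason)."""
    root = ET.fromstring(xml_text)
    status = root.find("samlp:Status/samlp:StatusCode", NS)
    if status is None or status.get("Value") != STATUS_SUCCESS:
        return None, "status is not Success"
    assertions = root.findall("saml:Assertion", NS)
    if len(assertions) != 1:  # reject responses with zero or several assertions
        return None, "expected exactly one assertion"
    a = assertions[0]
    issuer = a.findtext("saml:Issuer", default="", namespaces=NS)
    if issuer != expected_issuer:  # only the configured enterprise IdP is trusted
        return None, "issuer %r not trusted" % issuer
    cond = a.find("saml:Conditions", NS)
    if cond is None or not cond.get("NotBefore") or not cond.get("NotOnOrAfter"):
        return None, "missing Conditions or validity window"
    now = _ts(now_iso)
    if now < _ts(cond.get("NotBefore")) or now >= _ts(cond.get("NotOnOrAfter")):
        return None, "assertion outside its validity window"
    audiences = [e.text for e in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if expected_audience not in audiences:  # assertion must be meant for this SP
        return None, "audience restriction does not name this service provider"
    subject = a.findtext("saml:Subject/saml:NameID", default="", namespaces=NS)
    if not subject:
        return None, "missing NameID"
    return subject, None
```

In production, also record the assertion ID to reject replays within the validity window.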
You can configure SSO with SAML for your Identity Management (IM) solution. You must first complete the SSO configuration in your cluster with one of the following methods:
- Configuring single sign-on with SAML using the IdP APIs
- Configuring single sign-on with SAML using the your product console
After you configure the cluster for SSO, complete the SSO configuration on the side of your IM solution provider.
You can connect to any compatible SAML identity provider (IdP). The following are some IM solution providers for configuring SSO by using SAML:
- Microsoft Active Directory. For more information, see Configure SAML 2.0 provider settings for portals.
- Keycloak. For more information, see Server Administration Guide.
- IBM Security Verify. For more information, see IBM Security Verify.
Types of SAML provisions
You can configure SAML with either SCIM (System for Cross-domain Identity Management) or JIT (just-in-time) provisioning to provide secure authentication and authorization for users who access the applications in your cluster.