Configuring single sign-on with SAML

Configure single sign-on (SSO) between your product and your enterprise identity source.

Security Assertion Markup Language (SAML), an XML-based markup language, is an open standard for exchanging identity, authentication, and authorization information between an identity provider (your enterprise SAML server) and a service provider (your product cluster).

The identity provider issues authentication assertions along with a SAML SSO profile. The service provider receives these assertions and the profile.

The SSO flow can be summarized as follows:

  1. A user attempts to access a service in your product through a web browser.
  2. Your product verifies whether an authentication token is present.
  3. If no authentication token is present, your product redirects the request for authentication to the enterprise SAML server of the user.
  4. The enterprise SAML server presents a login page to the user.
  5. If the user logs in successfully, the SAML server redirects the user, along with the SAML response, to your product.
  6. Your product generates an authentication token and grants access to the service that the user requested.

You can configure SSO with SAML for the Identity Management (IM) solution. You must first complete the SSO configuration in your cluster with one of the following methods:

After you configure the cluster with SSO, complete the SSO configuration of your IM solution provider.

You can connect to any compatible SAML identity provider (IdP). The following are some IM solution providers for configuring SSO by using SAML:

Types of SAML provisions

You can configure SAML with the SCIM and JIT provisions to provide secure authentication and authorization for users who access the applications in your cluster.