Configuring SAML general settings

Configure SAML provider settings that apply to all SAML applications on this tenant.

Procedure

  1. Navigate to Applications > Application settings > SAML general settings.
  2. Provide the Entity ID.
    Typically this ID is generated as https://Tenant-Name/saml/sps/saml20ip/saml20. You can modify it to reflect a vanity hostname and domain.
    Note: If the Entity ID is modified, you'll need to update the partner's configuration with the latest Entity ID value for existing SAML 2.0 applications.
  3. Provide the number of seconds for the Message valid time.
  4. Optional: If you want to enable Certificate Revocation List (CRL) checking, select the CRL enabled checkbox.
    When CRL checking is enabled, the certificate revocation list is consulted for every cryptographic operation performed by SAML 2.0 applications that use an external certificate.
    If your configuration does not require CRL checking, you can leave it disabled, which is the default setting. Reasons you might not want to enable CRL checking include:
    • You use an internal, self-signed certificate authority (CA).
    • Performance. High-volume applications can experience significant performance degradation.
    • Network connectivity. Firewalls can block access to CRL servers, or the network is air-gapped or isolated without internet access.
  5. Select a Key selection criteria.
    • Only alias
    • Shortest lifetime
    • Longest lifetime
  6. Provide the number of seconds for Assert valid before.
  7. Provide the number of seconds for Assert valid after.
  8. Select the Default Name ID format.
    • Email
    • Unspecified
    • Persistent
    • Transient
  9. Select a privacy profile.
    When a privacy profile is selected, it applies to all SAML applications. It becomes the default privacy profile. However, the profile can be overridden at the application level for individual applications that need a different profile.
  10. Click Save changes.
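The settings above (Entity ID, Message valid time, Assert valid before/after, Default Name ID format) are the values a relying party or the identity provider enforces when it validates a SAML response. The following is an added example, not IBM Security Verify code, that applies such settings to a constructed, unsigned `samlp:Response` using only the Python standard library. It assumes that Message valid time bounds the age of the response's `IssueInstant`, that Assert valid before and Assert valid after are clock-skew allowances applied to the assertion's `NotBefore` and `NotOnOrAfter` conditions, and that the tenant Entity ID is the expected `saml:Issuer`; the hostname, settings values, and the helper names (`SamlGeneralSettings`, `validate_response`, `validate_sample_at`) are assumptions for the demonstration. Signature and CRL verification are out of scope here.

```python
"""Validate a SAML 2.0 response's time window, issuer and Name ID format
against tenant-wide settings. Added example; not product code.

Assumptions (also marked in comments): 'Message valid time' bounds the age
of the Response IssueInstant; 'Assert valid before'/'Assert valid after' are
clock-skew allowances on the assertion's NotBefore/NotOnOrAfter.
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# The four Name ID formats offered in the settings page, mapped to their URIs.
NAMEID_FORMATS = {
    "Email": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
    "Unspecified": "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified",
    "Persistent": "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
    "Transient": "urn:oasis:names:tc:SAML:2.0:nameid-format:transient",
}


@dataclass(frozen=True)
class SamlGeneralSettings:  # hypothetical container for the page's settings
    entity_id: str
    message_valid_seconds: int
    assert_valid_before: int  # skew tolerance on NotBefore (assumption)
    assert_valid_after: int   # skew tolerance on NotOnOrAfter (assumption)
    default_nameid_format: str  # a key of NAMEID_FORMATS


def _parse_instant(value: str) -> datetime:
    # SAML dateTime values are expressed in UTC with a trailing 'Z'.
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def validate_response(xml_text: str, settings: SamlGeneralSettings, now: datetime) -> list[str]:
    """Return the list of validation failures; an empty list means all checks passed."""
    errors: list[str] = []
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{NS['samlp']}}}Response":
        return ["not a samlp:Response"]

    # Message valid time: reject stale responses (replay defence) and responses
    # dated further in the future than the skew tolerance allows.
    age = (now - _parse_instant(root.get("IssueInstant"))).total_seconds()
    if age > settings.message_valid_seconds:
        errors.append(f"response older than message valid time ({age:.0f}s)")
    if age < -settings.assert_valid_before:
        errors.append("response IssueInstant is in the future")

    # The Issuer must match the Entity ID the partner was configured with.
    issuer = root.findtext("saml:Issuer", namespaces=NS)
    if issuer != settings.entity_id:
        errors.append(f"unexpected issuer {issuer!r}")

    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return errors + ["response carries no assertion"]

    # Conditions window, widened by the 'Assert valid before/after' skew values.
    cond = assertion.find("saml:Conditions", NS)
    if cond is None:
        errors.append("assertion has no Conditions")
    else:
        if cond.get("NotBefore") is not None:
            earliest = _parse_instant(cond.get("NotBefore")) - timedelta(seconds=settings.assert_valid_before)
            if now < earliest:
                errors.append("assertion not yet valid")
        if cond.get("NotOnOrAfter") is not None:
            latest = _parse_instant(cond.get("NotOnOrAfter")) + timedelta(seconds=settings.assert_valid_after)
            if now >= latest:
                errors.append("assertion expired")

    # Name ID format must be the one the tenant expects by default.
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    expected = NAMEID_FORMATS[settings.default_nameid_format]
    if name_id is None:
        errors.append("assertion has no NameID")
    elif name_id.get("Format", NAMEID_FORMATS["Unspecified"]) != expected:
        errors.append(f"NameID format {name_id.get('Format')!r} does not match {expected!r}")
    return errors


# Constructed settings; the hostname is a placeholder, not a real tenant.
SETTINGS = SamlGeneralSettings(
    entity_id="https://tenant.example.com/saml/sps/saml20ip/saml20",
    message_valid_seconds=300,
    assert_valid_before=60,
    assert_valid_after=60,
    default_nameid_format="Email",
)

# Constructed, unsigned sample response used only to exercise the checks.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_r1" Version="2.0" IssueInstant="2024-01-01T12:00:00Z">
  <saml:Issuer>https://tenant.example.com/saml/sps/saml20ip/saml20</saml:Issuer>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-01-01T12:00:00Z">
    <saml:Issuer>https://tenant.example.com/saml/sps/saml20ip/saml20</saml:Issuer>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">alice@example.com</saml:NameID>
    </saml:Subject>
    <saml:Conditions NotBefore="2024-01-01T12:00:00Z" NotOnOrAfter="2024-01-01T12:05:00Z"/>
  </saml:Assertion>
</samlp:Response>"""


def validate_sample_at(instant: str, settings: SamlGeneralSettings = SETTINGS) -> list[str]:
    """Evaluate the sample response as if the current time were `instant`."""
    return validate_response(SAMPLE_RESPONSE, settings, _parse_instant(instant))


if __name__ == "__main__":
    print(validate_sample_at("2024-01-01T12:02:00Z"))  # inside the window: []
    print(validate_sample_at("2024-01-01T12:10:00Z"))  # stale and expired
```

Running the module shows the same response accepted two minutes after issue and rejected ten minutes later on both the message age and the assertion window. Tightening Message valid time or the Assert valid values shrinks the replay window; loosening them accommodates clock drift between the tenant and the partner, which is the trade-off these two settings control.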