SAML integration
Overview
SAML (Security Assertion Markup Language) is an open standard for securely exchanging authentication and authorization data between an Identity Provider (IdP) and a Service Provider (SP). IPI Enterprise Server (IES) supports SAML 2.0 and can act as an Identity Provider, enabling passwordless Single Sign-On (SSO) for enterprise applications. By integrating IES with third-party services, you can centralize user authentication and enforce modern security practices such as multi-f
Setup Flow
To set up SAML SSO using IPI Enterprise Server as the Identity Provider:
Prepare Metadata
Export the SAML metadata file or SSO endpoint URL from your IES (available in Settings → Parameters → SAML).
Obtain the SAML metadata or ACS URL from the target Service Provider (SP).
Configure the Service Provider (SP)
In the SP's admin panel, register IES as a SAML IdP by uploading the IES metadata or manually entering the IdP SSO URL and certificate.
Specify the expected attributes (e.g., email, username) and map them if required.
Configure IES as IdP
In the IES admin console, go to Settings → Parameters → SAML.
Add a new Service Provider using the metadata or manual configuration (ACS URL, Entity ID, etc.).
Specify attribute mappings according to SP requirements.
Assign Users
Ensure the users exist in both IES and the SP (or use just-in-time provisioning if supported).
Confirm their email or username matches the attribute used in the SAML assertion.
Test the SSO Integration
Initiate a login request from the SP and verify redirection to IES for authentication.
Authenticate using any available passwordless method (passkey, mobile app, or IPI Key).
On success, access to the SP should be granted without entering credentials.
Supported Services
You can configure SAML SSO with the following commonly used services: