Configuring any SAML 2.0 service as Identity Provider
  • 10 Feb 2025


SAML 2.0 (Security Assertion Markup Language 2.0) is an open standard for single sign-on (SSO) and identity federation. It is widely used for securely exchanging authentication and authorization data between identity providers (IdPs) and service providers (SPs).

This article provides a step-by-step guide to configuring any SAML 2.0 service as the Identity Provider for all the services you use.

Prerequisites

  1. Please ensure you have created the SSO configuration for the service you want to access and set the SAML service as its Identity Provider.

  2. Also, ensure that the user(s) are present in the SAML service and the respective service portal you are trying to access.

  3. The same user(s) must be present in Scalefusion, with the SSO configuration of the respective service applied to them.

Step 1: Configuring SAML 2.0 as an Identity Provider on Scalefusion dashboard

  1. Navigate to OneIdP > Identity Providers.

  2. Click on the New Provider button.

  3. Select SAML 2.0 and click on Next.

  4. Provide a name to this configuration for easy identification.

  5. You will need to add the OneIdP Service Provider Details in the SAML service portal that you are setting as the Identity Provider.

  6. You will need to copy the IDP details from the SAML service portal that you are setting as the Identity Provider and add them to the Scalefusion dashboard.

Step 2: Associating any SAML Identity Provider with a Directory

  1. Navigate to OneIdP > Directory.

  2. Click on the 3-dots under Actions for the concerned Domain.

  3. Click on Settings.

  4. Go to the Federated Authentication tab and toggle on the button for the configured SAML service as an Authentication source.

  5. You can also “Set default authentication source”.

    1. On setting a default authentication source, whenever you add any new user in the Scalefusion dashboard and migrate it to OneIdP, the default Authenticator would be the configured SAML service.

  6. Click on Next and Save.

  7. For existing users that are present in the Scalefusion dashboard, you can change the default authentication source by going to 3-dots under Actions > Update Authentication Source.

  8. Select the configured SAML service from the drop-down list for “Set Authentication Source” and click on Update Now.

User Login Flow

When the user enters their email on the service login page, they will be redirected to OneIdP. From there, OneIdP will redirect the user to the chosen identity provider (SAML 2.0, in this case) for authentication. Once the identity provider authenticates the user, they will be granted access to the service.

