SAML Overview
Security Assertion Markup Language (SAML) 2.0 is a single sign-on and federation protocol suite that enables your organization to synchronize identity with web applications. Once you have configured single sign-on for your organization, your users can sign in to Flexera One using your identity provider instead of a username and password. When a user logs in with single sign-on, an audit entry in your master account captures the details.
Some key SAML 2.0 concepts are presented in the following table.
SAML 2.0 Concept | Definition
--- | ---
Trust Relationship | Before an identity provider and a service provider can exchange SAML messages, an administrator must configure each of them to trust the other.
Web Browser Single Sign-on | SAML 2.0's Web Browser SSO Profile is its principal sign-in mechanism. For a detailed protocol description, see Wikipedia. There are two variants of the Web Browser single sign-on flow. SP-initiated sign in: if a user arrives at Flexera One without being logged in, Flexera One must forward the user's browser to a suitable identity provider to obtain a SAML assertion. To determine where to send the user, Flexera One prompts the user for a discovery hint, a DNS-like name chosen at setup time that uniquely identifies your identity provider in the Flexera One database. Best practice: use a unique value as the discovery hint for your identity provider. Identity provider-initiated sign in: you sign in to the identity provider and visit an application portal that provides a menu of SSO-accessible applications, including Flexera One. When you click the Flexera One menu item, the browser is directed to Flexera One with a SAML assertion.
Relay State | The relay state is a SAML parameter that conveys where users will be directed after they perform single sign-on. When performing identity provider-initiated sign in, the identity provider can add a default relay state to send the user to a specific place.
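To make the SP-initiated flow and relay-state handling concrete, here is an added Python example (not Flexera One's code): it resolves a discovery hint against a constructed trust registry, builds the HTTP-Redirect binding URL carrying an AuthnRequest and RelayState, and only honours a returned RelayState that is a relative in-application path. All entity IDs, URLs and the hint value are hypothetical.

```python
import base64
import uuid
import zlib
from datetime import datetime, timezone
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed trust registry (hypothetical values): each entry is what an administrator
# stores about a trusted identity provider, keyed by the discovery hint chosen at setup.
IDP_REGISTRY = {
    "example-corp": {"entity_id": "https://idp.example.com/saml/metadata",
                     "sso_url": "https://idp.example.com/saml/sso"},
}
SP_ENTITY_ID = "https://sp.example.test/saml/metadata"  # hypothetical service provider
SP_ACS_URL = "https://sp.example.test/saml/acs"         # hypothetical assertion consumer

def resolve_idp(discovery_hint):
    """Map the hint the user typed to a trusted IdP; an unknown hint yields None."""
    return IDP_REGISTRY.get(discovery_hint.strip().lower())

def build_authn_request(idp, request_id=None, issue_instant=None):
    """Minimal unsigned AuthnRequest; real deployments sign it per the trust configuration."""
    request_id = request_id or "_" + uuid.uuid4().hex
    issue_instant = issue_instant or datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    return ('<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
            'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
            f'ID="{request_id}" Version="2.0" IssueInstant="{issue_instant}" '
            f'Destination="{idp["sso_url"]}" AssertionConsumerServiceURL="{SP_ACS_URL}" '
            'ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST">'
            f'<saml:Issuer>{SP_ENTITY_ID}</saml:Issuer></samlp:AuthnRequest>')

def redirect_url(idp, relay_state):
    """HTTP-Redirect binding: raw DEFLATE, base64, then URL-encode as query parameters."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)  # -15 = raw DEFLATE, no zlib header
    deflated = comp.compress(build_authn_request(idp).encode()) + comp.flush()
    query = {"SAMLRequest": base64.b64encode(deflated).decode(), "RelayState": relay_state}
    return idp["sso_url"] + "?" + urlencode(query)

def decode_saml_request(url):
    """Inverse of redirect_url: recover the AuthnRequest XML from the redirect URL."""
    params = parse_qs(urlparse(url).query)
    return zlib.decompress(base64.b64decode(params["SAMLRequest"][0]), -15).decode()

def safe_relay_state(relay_state, default="/"):
    """Honour RelayState only when it is a relative in-app path (SAML caps it at 80 bytes)."""
    if not relay_state or len(relay_state.encode()) > 80 or "\\" in relay_state:
        return default
    parts = urlparse(relay_state)
    if parts.scheme or parts.netloc or not relay_state.startswith("/"):
        return default
    return relay_state
```

The RelayState check matters for both flows: because the identity provider (or anyone who can reach the assertion consumer endpoint) chooses the value, the service provider should treat it as an untrusted redirect target rather than forwarding the browser wherever it points.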