Using SAML 2.0 for SSO

CTERA Portal supports user identity federation over SAML 2.0. SAML enables you to centralize your corporate user identities and provide Single Sign-On (SSO) capabilities to all of your enterprise applications. When SSO is enabled on the portal, users' passwords are not stored on CTERA Portal; instead, user authentication is performed through the identity provider's login page.

To configure SAML SSO, you need a SAML identity provider. CTERA Portal SAML single sign-on has been certified with the following identity providers:

Before setting up SAML in the CTERA Portal:

  • The users must be defined. For details, see Using Directory Services for User Management.
  • You have to define access to the CTERA Portal on the identity provider side. Although each identity provider can have a different procedure for setting this up, the SAML protocol requires the following information:
    Entity ID – A globally unique name for a SAML entity. This entity is defined at the identity provider (IdP) side.
    Sign-in page URL – The location where the SAML assertion is sent with HTTP POST. This is often referred to as the SAML Assertion Consumer Service (ACS) URL for the SAML endpoint at the IdP side.
    Log-out page URL – The location where the logout response will be sent.
    Identity Provider Certificate – The authentication used by the identity provider.
    The terms used for this information can vary between the different identity providers.
    Note

    If you want to use a different identity provider, contact CTERA to validate the provider.

    You need to enable SSO on the portal and specify the identity provider's parameters. Once configured, the provider handles the sign-in process for all portal users, including access from mobile devices. The provider is also responsible for authentication credentials for the users.

You need to set up the CTERA Portal as a SAML application in the identity provider before defining SAML Single Sign-on in the CTERA Portal.
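
A pre-flight check for the four values listed above, as an added example that is not CTERA's code: it flags an empty or whitespace-padded Entity ID and sign-in or log-out URLs that are not absolute HTTPS URLs, and computes the certificate's SHA-256 fingerprint so it can be compared with the one the identity provider displays. The dictionary keys, the HTTPS requirement, the host names and paths are assumptions of this example, and the sample certificate bytes are a constructed placeholder, not a real certificate.

```python
import base64
import hashlib
import re
from urllib.parse import urlsplit

def cert_fingerprint(pem_or_b64):
    """Return the colon-separated SHA-256 fingerprint of a PEM/base64 certificate."""
    body = re.sub(r"-----(BEGIN|END) CERTIFICATE-----|\s", "", pem_or_b64)
    der = base64.b64decode(body, validate=True)  # raises ValueError on non-base64 input
    if len(der) < 2 or der[0] != 0x30:  # DER certificates open with an ASN.1 SEQUENCE
        raise ValueError("not DER-encoded certificate data")
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def check_saml_settings(settings):
    """Return a list of problems found in the four values (empty list means OK)."""
    issues = []
    entity_id = settings.get("entity_id", "")
    if not entity_id.strip():
        issues.append("entity_id: empty")
    elif entity_id != entity_id.strip():
        # The Entity ID must match on both sides; stray whitespace from copy-paste breaks it.
        issues.append("entity_id: leading/trailing whitespace")
    for key in ("sign_in_url", "log_out_url"):
        url = urlsplit(settings.get(key, ""))
        if url.scheme != "https" or not url.hostname:
            issues.append(f"{key}: must be an absolute https:// URL")
    try:
        cert_fingerprint(settings.get("idp_certificate", ""))
    except ValueError as exc:
        issues.append(f"idp_certificate: {exc}")
    return issues

# Constructed sample values: hypothetical host names and paths, placeholder certificate bytes.
SAMPLE_DER = bytes([0x30, 0x03, 0x02, 0x01, 0x00])
SAMPLE = {
    "entity_id": "https://portal.example.com/saml",
    "sign_in_url": "https://portal.example.com/saml/acs",
    "log_out_url": "http://portal.example.com/saml/logout",  # plain HTTP on purpose
    "idp_certificate": "-----BEGIN CERTIFICATE-----\n"
    + base64.b64encode(SAMPLE_DER).decode()
    + "\n-----END CERTIFICATE-----\n",
}

if __name__ == "__main__":
    for problem in check_saml_settings(SAMPLE):
        print("FAIL", problem)
    print("fingerprint", cert_fingerprint(SAMPLE["idp_certificate"]))
```

Compare the printed fingerprint with the value obtained from the identity provider through a separate channel before trusting the certificate.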
