SAML (Security Assertion Markup Language) is an open standard that allows identity providers (IdPs) to pass authorization credentials to service providers (SPs). By configuring SAML, organizations can enable single sign-on (SSO), allowing users to access multiple applications with one set of login credentials, enhancing security and user experience.
Disable Local User Creation: This option, when enabled, prevents the creation of new user accounts within the application itself, ensuring that all users are authenticated through the SAML provider.
Enabled: This checkbox activates the SAML integration within the application.
Type: Identifies the protocol used, in this case, SAML for single sign-on capabilities.
Single Sign-On URL: The endpoint to which the authentication requests should be sent. This is specific to the IdP.
Issuer: The unique identifier for the SAML entity or the service provider.
Certificate: Public key certificate used to verify the SAML assertion from the IdP.
Attribute Mapping: This section maps attributes from the SAML assertion to the user account fields in the application, like user name, first name, last name, display name, email, and groups. This ensures that the user’s data in the application matches their identity in the IdP.
Role Mapping: Associates SAML group attributes with roles defined in the application, determining access levels or permissions within the application.
Group Mapping: Links SAML group attributes to groups within the application for additional access control granularity.
Setting up SAML integration requires careful planning to ensure that all mappings correspond correctly and that the SSO functionality works as intended. It typically involves coordination between the organization's IT department and the providers of the applications being accessed.