
Configuring account for SAML SSO

What is SAML?

SAML stands for Security Assertion Markup Language. It is an XML-based open standard for transferring identity data between two parties: an identity provider (IdP) and a service provider (SP).

Identity Provider — Performs authentication and passes the user's identity and authorization level to the service provider.

Service Provider — Trusts the identity provider and authorizes the given user to access the requested resource.

SAML parameters

Send the values of the following parameters to FORM so that the SSO integration can be configured against your implementation:

EXTERNAL_AUTH.SURVEY=SAML2
SAML2_IDP_NAME.SURVEY=<IDENTITY_PROVIDER_NAME>
SAML2_SP_NAME.SURVEY=<SERVICE_PROVIDER_IDENTIFIER>
SAML2_IDP_CERT.SURVEY=-----BEGIN CERTIFICATE-----<CERTIFICATE_PUBLIC_KEY>-----END CERTIFICATE-----
SAML2_IDP_URL.SURVEY=<AUTHENTICATION_URL>

Replace each tag as follows:

Tag: <IDENTITY_PROVIDER_NAME>
Replace with: the name of the identity provider, for example COMPANYIDP.

Tag: <SERVICE_PROVIDER_IDENTIFIER>
Replace with: the WORLDAPPSP value.

Tag: <CERTIFICATE_PUBLIC_KEY>
Replace with: the certificate public key provided by the identity provider.

Tag: <AUTHENTICATION_URL>
Replace with: the URL of the authentication page on the identity provider. Users are redirected to this page when they try to access a resource that requires authentication without an active session.

<CERTIFICATE_PUBLIC_KEY>: this value spans multiple lines in the config file. Every line must end with "\n\", except the last line, on which the certificate ends.
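As an added illustration (not part of this page or of the FORM product), the following Python snippet renders a PEM certificate into the multi-line property format described above and checks the continuation rule: every line ends with "\n\" except the last. Placing the BEGIN CERTIFICATE marker on the same line as the property key, and rejecting any PEM block that is not a certificate (for instance a private key pasted by mistake), are assumptions of this example; the certificate body is constructed sample data.

```python
"""Render an IdP signing certificate (PEM) into the multi-line
SAML2_IDP_CERT.SURVEY property format described on this page (added example)."""
import re

# Constructed sample: a PEM-shaped certificate with a made-up base64 body.
SAMPLE_PEM = """-----BEGIN CERTIFICATE-----
MIIBkTCB+wIJAKHBfpegK1bJMA0GCSqGSIb3DQEBBQUAMBQxEjAQBgNVBAMMCUxv
Y2FsIFRlc3QwHhcNMjQwMTAxMDAwMDAwWhcNMjUwMTAxMDAwMDAwWjAUMRIwEAYD
VQQDDAlMb2NhbCBUZXN0
-----END CERTIFICATE-----
"""

PROPERTY_KEY = "SAML2_IDP_CERT.SURVEY"   # property name from the page
CONTINUATION = "\\n\\"                    # the literal three characters \n\ that end each line
BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"


def pem_body_lines(pem: str) -> list:
    """Return the base64 lines between the BEGIN/END CERTIFICATE markers.

    Anything that is not a certificate (e.g. a PRIVATE KEY block) is rejected:
    the IdP only ever hands over its public signing certificate."""
    lines = [ln.strip() for ln in pem.strip().splitlines() if ln.strip()]
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("expected a PEM block delimited by BEGIN/END CERTIFICATE")
    body = lines[1:-1]
    if any(not re.fullmatch(r"[A-Za-z0-9+/=]+", ln) for ln in body):
        raise ValueError("certificate body is not base64")
    return body


def render_property(pem: str) -> str:
    """Build the multi-line property: key + BEGIN marker, then one base64 line
    per config line, each with the continuation marker, then a bare END line."""
    body = pem_body_lines(pem)
    out = [f"{PROPERTY_KEY}={BEGIN}{CONTINUATION}"]   # assumption: BEGIN on the key line
    out += [f"{ln}{CONTINUATION}" for ln in body]
    out.append(END)                                   # final line carries no continuation
    return "\n".join(out)


def check_property(rendered: str) -> bool:
    """Verify the rule from the page: every config line ends with the
    continuation marker except the last one, where the certificate ends."""
    lines = rendered.split("\n")
    if not lines[0].startswith(PROPERTY_KEY + "="):
        return False
    all_but_last_continue = all(ln.endswith(CONTINUATION) for ln in lines[:-1])
    last_is_end = lines[-1] == END and not lines[-1].endswith(CONTINUATION)
    return all_but_last_continue and last_is_end


if __name__ == "__main__":
    print(render_property(SAMPLE_PEM))
```

Running the script prints the property block ready to paste into the config file; `check_property` can be run over an existing config value to confirm the continuation rule before the integration is tested.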

Response from Identity Provider

The application expects one user parameter in return from the identity provider: NameID, which must match the login name of a user in the FORM system. If no user with that login name is found, an HTTP 401 error response is sent to the user.
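The lookup described above, as an added Python example that is not the application's own code: it pulls the NameID out of a constructed, unsigned SAML response and maps it to a local user, returning 200 on a match and 401 otherwise. Exact, case-sensitive comparison of NameID with the User Login, treating a missing NameID as 401, and the USER_DIRECTORY table are assumptions of this example. In a real deployment the response's XML signature is verified against the certificate configured in SAML2_IDP_CERT.SURVEY before the NameID is trusted.

```python
"""Map the NameID in an IdP response to a local user, as described on this
page: the NameID must equal an existing User Login, otherwise HTTP 401 (added example)."""
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Constructed sample of the application's user table (User Login -> display name).
USER_DIRECTORY = {"jsmith": "Jane Smith", "rlee": "Robert Lee"}

# Constructed, unsigned sample response. A real response carries a ds:Signature
# that must be verified against SAML2_IDP_CERT.SURVEY before anything below runs.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0">
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0">
    <saml:Issuer>COMPANYIDP</saml:Issuer>
    <saml:Subject><saml:NameID>jsmith</saml:NameID></saml:Subject>
  </saml:Assertion>
</samlp:Response>"""


def extract_name_id(response_xml: str):
    """Return the NameID text from the first Assertion's Subject, or None if absent."""
    root = ET.fromstring(response_xml)
    node = root.find("./saml:Assertion/saml:Subject/saml:NameID", NS)
    if node is None or node.text is None or not node.text.strip():
        return None
    return node.text.strip()


def resolve_user(response_xml: str, directory=None):
    """Return (http_status, login): 200 when NameID exactly matches a User Login,
    401 when it is missing or unknown. Exact comparison is an assumption."""
    if directory is None:
        directory = USER_DIRECTORY
    name_id = extract_name_id(response_xml)
    if name_id is None or name_id not in directory:
        return 401, None
    return 200, name_id


if __name__ == "__main__":
    print(resolve_user(SAMPLE_RESPONSE))                                # (200, 'jsmith')
    print(resolve_user(SAMPLE_RESPONSE.replace("jsmith", "nobody")))    # (401, None)
```

The second call shows the failure mode the page describes: a NameID that does not correspond to a pre-created user record yields 401 rather than an implicit account.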

NOTE

Please note that when SAML is used, the user must already exist in the application database. Before the user can authenticate, a user record must be created in the application whose User Login matches the User ID returned by the identity provider.

Depending on the type of the user, one of the following methods may be used to add users to the application:
