This is a brief overview of what's required for a SAML configuration with GreenOrbit (GO).
Security Assertion Markup Language (SAML) is an open standard for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider. The single most important requirement that SAML addresses is web browser single sign-on (SSO).
It's a little known fact, the Identity Provider (SAML provider) never actually communicates with the application directly, all information is passed through the user's web browser, which in turn passes it back to the application.
The below diagram shows how the SAML process works with GO:
Identity Provider (IdP): This is the SAML provider (such as O365, Google Apps etc) which contains the list or database of users who can log in to your app. It also contains a list of authorized applications which can be logged into using the IdP.
Service Provider: This is the application which utilizes the IdP as it's source for authentication. In this case, GreenOrbit is the service provider.
For SAML to be utilized on GO, there are a few requirements to be able to do this which are important to know:
- GO should be running the latest version (or at least version 2) as there are a large number of enhancements from previous versions
- GO needs to be secured with Secure Sockets Layer (SSL). Without this, the encrypted information cannot be passed from the IdP to GO.
- A SAML provider needs to be selected and the configuration performed on it as per our guides. Please refer to our configuration guides for assistance.
- After the SAML provider has been configured, GO requires the following information:
- IdP Certificate for GreenOrbit (this is provided by the SAML provider specific for the app configuration)
- IdP Target URL (this is the URL which GO redirects to so that the SAML provider can perform authentication)
For more information or if you have any other specific questions please email firstname.lastname@example.org