This section provides information on using the SAML setup.

SAML Metadata

To use SAML securely, partners share metadata that contains:

  • Entity ID

  • Cryptographic Keys

  • Protocol Endpoints (bindings and locations)

Tip: Every SAML System Entity has an entity ID, the globally-unique identifier used in software configurations, relying-party databases, and client-side cookies. On the wire, every SAML protocol message contains the entity ID of the issuer.

SAML Metadata can be identified by the initial tag: <md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" ...>
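As an added example (not Docupace's code), the following Python check pulls the three items listed above out of a metadata file before it is imported. The sample document, its entity ID, hosts and certificate text are constructed placeholders, and the DOCTYPE and HTTPS checks are review assumptions rather than documented Docupace requirements.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD, "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample SP metadata; entityID, hosts and certificate text are placeholders.
SAMPLE_METADATA = b"""<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://sp.example.test/saml">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>PLACEHOLDERCERT</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.test/acs"/>
    <md:SingleLogoutService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="http://sp.example.test/slo"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def inspect_metadata(xml_bytes):
    """Return entity ID, keys and endpoints from SAML metadata, plus review findings."""
    if b"<!DOCTYPE" in xml_bytes:  # assumption: metadata never needs a DTD, so refuse one
        raise ValueError("DTDs are not expected in SAML metadata")
    root = ET.fromstring(xml_bytes)
    if root.tag != "{%s}EntityDescriptor" % MD:
        raise ValueError("root element is not md:EntityDescriptor")
    keys = [(kd.get("use", "any"), "".join((cert.text or "").split()))
            for kd in root.iterfind(".//md:KeyDescriptor", NS)
            for cert in kd.iterfind(".//ds:X509Certificate", NS)]
    # Any element carrying both Binding and Location is a protocol endpoint.
    endpoints = [(el.tag.rsplit("}", 1)[-1], el.get("Binding"), el.get("Location"))
                 for el in root.iter() if el.get("Binding") and el.get("Location")]
    findings = []
    if not root.get("entityID"):
        findings.append("missing entityID")
    if not keys:
        findings.append("no X509 certificate published")
    findings += ["non-HTTPS endpoint: " + loc for _, _, loc in endpoints
                 if not loc.lower().startswith("https://")]
    return {"entity_id": root.get("entityID"), "keys": keys,
            "endpoints": endpoints, "findings": findings}


if __name__ == "__main__":
    for field, value in inspect_metadata(SAMPLE_METADATA).items():
        print(field, "=", value)
```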

Connect Metadata Location

Once you configure SAML in Connect, the metadata is available for download at the following URL: https://{{host}}/site_ui/sso/samlMeta/default

IDP Setup

The SAML metadata provided by Docupace should be used to set up the site as an authorized Service Provider. This is done by importing the metadata provided by Docupace into the Identity Provider (IDP).

Tip: Please refer to your IDP documentation on how to import metadata into the IDP. To finalize the setup, provide Docupace with the IDP and IDP's metadata.

Note: If the Customer requires assistance in configuration of their IDP, then you need to engage professional services for configuring the IDP.

Assertion Requirements

The following are the assertion requirements for configuring SAML:

  • SAML assertion should contain <saml:Subject><saml:NameID>userNameInDocupace</saml:NameID></saml:Subject>

  • userNameInDocupace should match exactly the configured user in Docupace.

Note: “userNameInDocupace” is case sensitive.

  • Docupace ignores any additional attributes within the assertion.

User Configuration

Configuration of users should be handled via the standard Docupace ACL file upload process.

The standard Docupace configuration for SAML Single Sign-On (SSO) integration is based on users that are configured to only support login via SAML.

Tip: You need to involve professional services if the Customer requires a hybrid approach where:

  • Users can log in both via SAML SSO and direct login.

  • A subset of users can log in directly instead of SSO.

Service Provider Initiated SSO

Docupace supports service provider (SP) initiated SSO, including deep links into the application. The base link for SP initiated SSO is https://{{host}}/site_ui/sso/saml/default

Tip: For deep links into the application, such as launching the monitor, where the non-SSO URL is https://{{host}}/site_ui#/monitor, the SSO URL would be https://{{host}}/site_ui/sso/saml/default/bookmark/monitor
