Docupace supports the following solutions:

- Integration of Security Assertion Markup Language (SAML) 2.0 and Identity Provider.
- Service Provider (SP) initiated Single Sign-On (SSO).
- Identity Provider (IDP) initiated Single Sign-On (SSO).

To properly set up the external Identity Provider (IDP) with the Docupace platform, you need to exchange data among:

- Docupace
- Service Provider (or the Client’s provider if preferred)
- Customer Identity Provider

Important: For the standard setup of SAML without custom configuration, Docupace requires:

- Data exchange in the form of SAML 2.0 Metadata.
- Encryption of assertions with the Docupace public certificate provided in the Metadata.

Note: The Customer might have a solution that does not support the criteria explained in this document. You may also need a different kind of support for the Metadata exchange (for example, getting a SAML Response and a separate certificate). In this case, you need to:

- Properly configure Docupace to work with the Identity Provider.
- Engage additional professional services for configuring Docupace to work with the Identity Provider.

Terminology
Term | Description |
---|---|
SAML | Open standard for exchanging authentication and authorization data between parties, in particular, between Identity Provider (IDP) and Service Provider (SP). |
Identity Provider (IDP) | System entity that creates, maintains, and manages identity information for principals while providing authentication services to relying applications within a federation or distributed network. Identity Providers also offer user authentication as a service. |
Service Provider (SP) | System entity that receives and accepts authentication assertions in conjunction with a Single Sign-On (SSO) profile of the Security Assertion Markup Language (SAML). In the scope of Docupace, this process is based on the Connect user interface. |
Service Provider (SP) Metadata | XML containing endpoints and the public certificate for encryption of SAML Response. |
Identity Provider (IDP) Metadata | XML containing endpoints and the public certificate for verification of the signed SAML Response. |
SAML Response | Message sent by the Identity Provider to the Service Provider. Once a user succeeds in the authentication process, the SAML Response contains an Assertion with the NameID / Attributes of the user. |
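
Before exchanging Metadata, it helps to confirm that each file carries what the table above says it should: endpoints plus an encryption certificate for the SP, or endpoints plus a signing certificate for the IDP. The following is an added example, not Docupace code; the sample metadata, entity ID, URL and certificate value are constructed placeholders, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample SP metadata; entityID, URL and certificate body are placeholders.
SAMPLE_SP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://sp.example.test/saml">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="encryption"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>PLACEHOLDER-CERT</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:AssertionConsumerService index="0" Location="https://sp.example.test/saml/acs"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

def summarize_metadata(xml_text):
    """Return role, endpoints and certificates (grouped by use) from SAML 2.0 metadata."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD/entity declarations are not accepted in metadata")
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}EntityDescriptor" % NS["md"]:
        raise ValueError("not a SAML 2.0 EntityDescriptor")
    sp = root.find("md:SPSSODescriptor", NS)
    role = sp if sp is not None else root.find("md:IDPSSODescriptor", NS)
    if role is None:
        raise ValueError("no SP or IDP role descriptor found")
    endpoint_tag = "md:AssertionConsumerService" if sp is not None else "md:SingleSignOnService"
    certs = {"signing": [], "encryption": []}
    for kd in role.findall("md:KeyDescriptor", NS):
        cert = "".join(kd.findtext(".//ds:X509Certificate", default="", namespaces=NS).split())
        # A KeyDescriptor without a "use" attribute applies to both purposes.
        for use in ([kd.get("use")] if kd.get("use") else ["signing", "encryption"]):
            certs.setdefault(use, []).append(cert)
    return {
        "entity_id": root.get("entityID"), "role": "SP" if sp is not None else "IDP",
        "endpoints": [(e.get("Binding"), e.get("Location")) for e in role.findall(endpoint_tag, NS)],
        "certs": certs,
    }

def check_exchange_ready(summary):
    """List what is missing for the standard Metadata-based setup."""
    # SP metadata must carry the encryption cert; IDP metadata the signing cert.
    needed = "encryption" if summary["role"] == "SP" else "signing"
    problems = []
    if not summary["certs"][needed]:
        problems.append("%s metadata has no %s certificate" % (summary["role"], needed))
    if not summary["endpoints"]:
        problems.append("%s metadata lists no endpoints" % summary["role"])
    return problems
```

An empty list from `check_exchange_ready` means the file has the elements the standard setup relies on; it does not validate the certificate itself.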