Overview of SAML Setup for Connect
Docupace supports the following solutions:
Integration of Security Assertion Markup Language (SAML) 2.0 and Identity Provider.
Service Provider (SP) initiated Single Sign-On (SSO).
Identity Provider (IDP) initiated Single Sign-On (SSO).
To properly set up the external Identity Provider (IDP) with the Docupace platform, you need to exchange data among:
Docupace
Service Provider (or the Client’s provider if preferred)
Customer Identity Provider
Important: For the standard setup of SAML without custom configuration, Docupace requires:
Data exchange in the form of SAML 2.0 Metadata.
Encryption of assertions with the Docupace public certificate provided in the Metadata.
Note: A customer might have a solution that does not support the criteria explained in this document, or might need a different kind of support for the Metadata exchange (for example, getting SAML Response and a separate certificate). In this case, you need to:
Properly configure Docupace to work with the Identity Provider.
Engage professional services for configuring Docupace to work with the Identity Provider.
If you need help configuring Docupace to work with the Identity Provider, or want to engage professional services, reach out to Docupace developers.
Terminology
Term | Description |
---|---|
SAML | Open standard for exchanging authentication and authorization data between parties, in particular, between Identity Provider (IDP) and Service Provider (SP). |
Identity Provider (IDP) | System entity that creates, maintains, and manages identity information for principals while providing authentication services to relying applications within a federation or distributed network. Identity Providers also offer user authentication as a service. |
Service Provider (SP) | System entity that receives and accepts authentication assertions in conjunction with a Single Sign-On (SSO) profile of the Security Assertion Markup Language (SAML). In scope of Docupace, this process is based on the Connect user interface. |
Service Provider (SP) Metadata | XML containing endpoints and the public certificate for encryption of SAML Response. |
Identity Provider (IDP) Metadata | XML containing endpoints and the public certificate for verification of the signed SAML Response. |
SAML Response | Response that is sent by the Identity Provider to the Service Provider. Once a user succeeds in the authentication process, the SAML Response contains an Assertion with the NameID / Attributes of the user. |
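
The check below is an added example, not Docupace code: before Metadata is exchanged, it confirms that an SP Metadata document declares an endpoint and an encryption certificate, and that an IDP Metadata document declares an endpoint and a signing certificate, as the standard setup and the Metadata definitions above require. The function names, entity IDs, URLs and certificate text are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def summarize_metadata(xml_text):
    """Extract role, endpoints and certificate uses from one EntityDescriptor."""
    # Metadata comes from another party: refuse DTDs/entities before parsing.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD or entity declaration in metadata")
    root = ET.fromstring(xml_text)
    sp, idp = (root.find(f"md:{r}SSODescriptor", NS) for r in ("SP", "IDP"))
    if sp is None and idp is None:
        raise ValueError("no SPSSODescriptor or IDPSSODescriptor")
    role, desc = ("SP", sp) if sp is not None else ("IDP", idp)
    tag = "md:AssertionConsumerService" if role == "SP" else "md:SingleSignOnService"
    uses = set()
    for kd in desc.findall("md:KeyDescriptor", NS):
        cert = kd.find(".//ds:X509Certificate", NS)
        if cert is not None and (cert.text or "").strip():
            # A KeyDescriptor without "use" serves both signing and encryption.
            uses |= {kd.get("use")} if kd.get("use") else {"signing", "encryption"}
    return {"entity_id": root.get("entityID"), "role": role, "cert_uses": uses,
            "endpoints": [e.get("Location") for e in desc.findall(tag, NS)]}

def check_for_exchange(xml_text):
    """List what is missing for the metadata-based (standard) setup."""
    info, problems = summarize_metadata(xml_text), []
    if not info["endpoints"]:
        problems.append("no endpoint declared")
    # SP metadata must carry the encryption certificate; IDP metadata must
    # carry the certificate for verifying the signed SAML Response.
    needed = "encryption" if info["role"] == "SP" else "signing"
    if needed not in info["cert_uses"]:
        problems.append(f"no {needed} certificate")
    return problems

# Constructed, trimmed samples; IDs, URLs and certificate text are placeholders.
MD = 'xmlns:md="%s" xmlns:ds="%s"' % (NS["md"], NS["ds"])
SP_SAMPLE = f"""<md:EntityDescriptor {MD} entityID="https://sp.example.test">
<md:SPSSODescriptor><md:KeyDescriptor use="encryption"><ds:KeyInfo><ds:X509Data>
<ds:X509Certificate>PLACEHOLDER-BASE64</ds:X509Certificate>
</ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
<md:AssertionConsumerService index="0" Location="https://sp.example.test/acs"/>
</md:SPSSODescriptor></md:EntityDescriptor>"""
IDP_SAMPLE = f"""<md:EntityDescriptor {MD} entityID="https://idp.example.test">
<md:IDPSSODescriptor>
<md:SingleSignOnService Location="https://idp.example.test/sso"/>
</md:IDPSSODescriptor></md:EntityDescriptor>"""
```

The constructed IDP sample deliberately omits its KeyDescriptor, so `check_for_exchange` reports the missing signing certificate that the SP would need to verify a signed SAML Response.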