Single Sign-On/SAML

On the > Administration > Overview > Fusion > Single Sign-On / SAML page, you configure the Uptempo platform as a service provider for logging on using SSO via SAML. You can create configurations for logging on using multiple identity providers. To access the separate SSO/SAML Technical Description Guide, contact your Uptempo representative for the latest release.

  1. Choose > Administration> Overview > Fusion > Single Sign-On / SAML.

    If a configuration has not been created, you are guided directly to the fields to be edited. If at least one configuration exists, the following page is displayed:

  2. Click Add Entry.

    3. The Add Entry dialog is displayed with the SAML Settings tab:

  3. Fill in the fields by uploading the XML file for the IdP metadata or change the required parameters manually:

    Note:The settings that you must edit are determined by the setting of your identity provider.

    • Name: Enter a name for the new configuration.

    • Configuration name (EntityID): Enter the entity ID of your identity provider. An entity ID is the globally unique name for an SAML identity provider. This is usually the identity provider URL.

    • Identity provider (IdP) endpoint
      Enter the full URL that your identity provider uses to receive SSO messages.

    • IdP certificate (X509)
      Enter the public key certificate of your identity provider (X.509) in PEM format.

    • Protocol version
      Select the SAML protocol version that is used between Uptempo (SP) and your identity provider: SAML 1.x or SAML 2.0. SAML 2.0 is recommended.

    • Binding type
      Select the transport type used between Uptempo (SP) and your identity provider: POST or REDIRECT. REDIRECT corresponds to HTTP-GET.

    • Signature support
      Messages can be signed for security (to establish trust).
      Choose whether signature support between Uptempo (SP) and your identity provider is activated.

    • Service provider (SP) certificate key size
      Define the key size for the service provider certificate.

    • SP certificate validity in days
      Define the validity period for the service provider certificate in days.

    • NameID format
      Select the NameID format. Your SAML identity provider must declare the format in its metadata.

    • System settings
      Activate the Update SSO service URL checkbox if you want to avoid the manual entry in the system settings. If you activate the checkbox, the system setting is automatically updated with the data from the configuration. Note that the data of the last saved configuration is always entered in the setting.

  4. Optional: If you need a mapping of your attributes to the SAML attributes of the Uptempo platform:

    1. Go to the Attribute Mapping tab.

    2. Select the required SAML attribute of the Uptempo platform from the drop-down list by activating the checkboxes.

    3. Click a point outside the picklist to close it.

    4. All selected attributes are displayed in the dialog.

    5. For each attribute, enter the name of the appropriate parameter in your system.

  5. Click Save.

Uptempo is configured as a service provider for SSO via SAML.

Note

If the IdP configuration changes, you may have to adjust the SAML configuration for Uptempo.