Add/Edit SAML Configuration
On this screen, you can enter or edit the details of a particular SAML configuration. The SAML configuration gives OptiTune the details necessary to interface with a SAML 2.0 Identity Provider, to allow single sign on (SSO) to OptiTune.
The following Identity Providers have been tested with OptiTune. Click on the name of an Identity Provider for step-by-step instructions.
Name | Description |
---|---|
Azure AD | Microsoft Azure Active Directory - cloud based active directory |
ADFS | Microsoft Active Directory Federation Services - local active directory |
Google Workspace | Google Workspace - For organizations using Google Workspace |
Okta | Okta Workforce Identity |
Identity Provider Configuration
This section provides you with some of the required details to set up your Identity Provider (IdP) to interact with OptiTune (the "Service Provider" or "application").
Identifier (Entity ID) - The Entity ID, which uniquely identifies the application to the Identity Provider
Reply URL (Assertion Consumer Service URL) - The Assertion Consumer Service URL, which is where the Identity Provider redirects the user after successfully authenticating them
Sign on URL (optional) - Optionally, provide this URL to the Identity Provider, so that end users can log in to this application directly from the Identity Provider
Configuration Description
Enter basic information about the configuration.
Name - The name of the SAML Configuration, which is also used as the login button name in the Single Sign On (SSO) page.
Description - A short description of the SAML configuration
Notes - Enter any notes you wish to keep about this configuration
SAML Settings
Enter the information about the SAML Identity Provider (IdP).
Configuration State - Whether the SAML configuration is enabled, disabled, or hidden. If it is disabled, it will not show up in the SSO page, and authentication with this identity provider will be disabled. If it is hidden, users can still authenticate with this identity provider (using the "Sign on URL" at the top of this page), but the login button will not be shown on the OptiTune SSO page.
Login Url - The SAML (Identity Provider) URL the end user is sent to in order to authenticate
Logout Url - The SAML (Identity Provider) URL the end user is sent to in order to log out
Certificate - The certificate used to verify SAML data from the Identity Provider. Enter the certificate file, in PEM format. It should begin with "-----BEGIN CERTIFICATE-----" and end with "-----END CERTIFICATE-----"
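A pre-flight check for the Certificate field, as an added example (not OptiTune's code; `check_idp_certificate`, `to_pem` and `SAMPLE_DER` are hypothetical names): it confirms the pasted text is exactly one PEM certificate block, rejects private key material, and returns a SHA-256 fingerprint to compare with the value your Identity Provider displays, where it shows one. It checks the PEM armor and outer DER structure only, not expiry or trust.

```python
import base64
import binascii
import hashlib
import re

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL)


def to_pem(der):
    """Wrap DER bytes in CERTIFICATE armor with 64-character lines."""
    b64 = base64.b64encode(der).decode("ascii")
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"


def check_idp_certificate(pem_text):
    """Return the SHA-256 fingerprint of a single PEM certificate, or raise ValueError."""
    text = pem_text.strip()
    blocks = PEM_BLOCK.findall(text)
    if any("PRIVATE KEY" in label for label, _ in blocks):
        raise ValueError("private key pasted; only the public certificate belongs in this field")
    if len(blocks) != 1 or blocks[0][0] != "CERTIFICATE":
        raise ValueError("expected exactly one CERTIFICATE block")
    if not (text.startswith("-----BEGIN CERTIFICATE-----")
            and text.endswith("-----END CERTIFICATE-----")):
        raise ValueError("extra text before or after the PEM block")
    try:
        der = base64.b64decode("".join(blocks[0][1].split()), validate=True)
    except binascii.Error as exc:
        raise ValueError(f"body is not valid base64: {exc}") from exc
    # An X.509 certificate is one DER SEQUENCE (tag 0x30) whose declared
    # length covers the whole blob; a mismatch means a truncated or padded copy.
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("decoded data is not a DER SEQUENCE")
    if der[1] < 0x80:
        total = 2 + der[1]
    else:
        n = der[1] & 0x7F
        if n == 0 or len(der) < 2 + n:
            raise ValueError("invalid DER length")
        total = 2 + n + int.from_bytes(der[2:2 + n], "big")
    if total != len(der):
        raise ValueError(f"DER length mismatch: header says {total}, got {len(der)} bytes")
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


# Constructed sample: a 260-byte DER-shaped placeholder, not a real certificate.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(256)

if __name__ == "__main__":
    print(check_idp_certificate(to_pem(SAMPLE_DER)))
```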
Account Settings
Enter settings for enabling or disabling account provisioning in OptiTune. When a user successfully authenticates with the Identity Provider, but doesn't exist in OptiTune, the user can automatically be provisioned in OptiTune.
Account Provisioning - Whether account provisioning is enabled or disabled. If enabled and a user logs in through SSO, but doesn't exist in OptiTune, the user will be created in OptiTune.
Parent - If a user logs in through SSO, but doesn't exist in OptiTune, the user will be restricted to this group in OptiTune.
Default Account Role - If a user logs in through SSO, but doesn't exist in OptiTune, they will be assigned this role.
Save
To save your changes to the SAML configuration, click "Save" after entering the details above. Or, navigate away to discard your changes.