Single Sign-On
 
Single sign-on is a process that allows users to access all authorized network resources without having to log in separately to each resource.
Security Assertion Markup Language 2.0 (SAML 2.0) is a standard for exchanging authentication and authorization data between security domains. SAML 2.0 is an XML-based standard that uses security tokens containing assertions to pass information about a principal (usually an end user) between a SAML authority, that is, an identity provider (IdP), and a SAML consumer, that is, a service provider. Using SAML, a service provider can contact an identity provider to authenticate users who are trying to access secure content.
Note: Currently, only SAML 2.0 is supported.
Integration Cloud supports single sign-on (SSO) that allows users to authenticate themselves against an Identity Provider (IdP) rather than obtaining and using a separate username and password. Under the SSO setup, Integration Cloud works as a Service Provider through SAML. You can put the IdP you already trust in charge of authentication, while your users can access Integration Cloud without another password to manage.
The following actions take place while logging into Integration Cloud using SAML 2.0:
1. The user logs in to a web application and clicks the SAML SSO link to access Integration Cloud.
2. Integration Cloud generates a SAML authentication request and posts the request to the user’s browser.
3. The browser sends the SAML request to the Identity Provider for authentication. The SAML request contains user information, Identity Provider URL, and the assertion response URL.
4. The Identity Provider decodes the SAML request, extracts the URL, authenticates the user, generates a SAML response, and posts the SAML response to the browser.
5. The browser sends the SAML response to Integration Cloud.
6. Integration Cloud checks if the Identity Provider authentication was successful, that is, verifies the SAML response, and redirects the user to the appropriate home page or the error message page.
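The kind of non-cryptographic checks a service provider applies in step 6, as an added example (not Integration Cloud's own code and not part of the original documentation). The endpoint URL, entity ID, request ID and sample response are constructed for illustration, and XML signature verification, which a real service provider performs before trusting any field, is left out.

```python
import base64
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"

# Constructed values for this example (assumptions, not real Integration Cloud endpoints).
ACS_URL = "https://sp.example.com/saml/acs"      # assertion response URL (step 3)
SP_ENTITY_ID = "https://sp.example.com/metadata"

def check_response(b64_response, expected_request_id, now):
    """Return the list of failed checks; an empty list means every check passed.
    Signature verification is deliberately out of scope for this example."""
    root = ET.fromstring(base64.b64decode(b64_response))
    errors = []
    status = root.find("p:Status/p:StatusCode", NS)
    if status is None or status.get("Value") != SUCCESS:
        errors.append("status")            # IdP did not report a successful login
    if root.get("Destination") != ACS_URL:
        errors.append("destination")       # response was addressed to another endpoint
    if root.get("InResponseTo") != expected_request_id:
        errors.append("in_response_to")    # does not answer the request sent in step 2
    audience = root.find("a:Assertion/a:Conditions/a:AudienceRestriction/a:Audience", NS)
    if audience is None or audience.text != SP_ENTITY_ID:
        errors.append("audience")          # assertion was issued for a different SP
    cond = root.find("a:Assertion/a:Conditions", NS)
    expiry = cond.get("NotOnOrAfter") if cond is not None else None
    if expiry is None or now >= datetime.fromisoformat(expiry.replace("Z", "+00:00")):
        errors.append("expired")           # outside the validity window
    return errors

def sample_response(audience=SP_ENTITY_ID, in_response_to="_req123"):
    # Constructed SAML response, base64-encoded as the browser would post it (step 5).
    xml = f"""<samlp:Response xmlns:samlp="{NS['p']}" xmlns:saml="{NS['a']}"
  ID="_resp1" Version="2.0" Destination="{ACS_URL}" InResponseTo="{in_response_to}">
  <samlp:Status><samlp:StatusCode Value="{SUCCESS}"/></samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0">
    <saml:Subject><saml:NameID>user@example.com</saml:NameID></saml:Subject>
    <saml:Conditions NotOnOrAfter="2030-01-01T00:05:00Z">
      <saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""
    return base64.b64encode(xml.encode())
```

A non-empty result corresponds to the error message page in step 6; an empty result, together with a valid signature, corresponds to the redirect to the home page.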
Note: Integration Cloud SSO capability has been tested to work with Microsoft Azure Active Directory (Azure), Oracle Access Manager (OAM), and Okta as Identity Providers.
You can click Edit to configure SAML 2.0 settings for single sign-on or click Export SAML 2.0 Metadata if you want to export the Integration Cloud SAML metadata.
For instructions on configuring SAML settings for single sign-on, see Configuring SAML Settings for Single Sign-On.
Note: You can access or edit the single sign-on configuration page only if you can edit the Company Information, that is, if you have the Manage Company Capabilities permission under Settings > Access Profiles > Administrative Permissions > Account Controls.
Copyright © 2015-2017 Software AG, Darmstadt, Germany. (Innovation Release)
