Security Assertion Markup Language (SAML) Settings

Use these settings to set up and customize SAML for your ConceptShare account. Your access to these settings is dependent on your version of ConceptShare.

Important: Security Assertion Markup Language (SAML) is available only in the Enterprise Edition of ConceptShare.

SAML Configuration

Field | Description
URL to config XML | Enter a URL to config XML. This is the location of the XML file that contains the configuration settings. This is prepared by your IT team.
Is SAML Enabled | This enables or disables SAML. If enabled, ConceptShare presents users with a Login with SAML link on the login page. The link redirects them to log in using their IdP credentials.
Note: Enabling SAML overrides your Settings configuration to force SSL if it was not already selected.
SSO Binding | Select the method to be used for authentication requests.
  • Select HTTP-POST for longer messages such as those that contain signed SAML elements.
  • Select HTTP-Redirect for short messages.
SSO Endpoint | This is the URL where SSO requests from ConceptShare should be sent.
Note: Perform this step if your SAML IdP does not expose a Federation Metadata URL.
IP Filter | Leave this field blank if you want users to be authenticated via SAML. If you want to have only certain IPs authenticated, add them to the list (separate multiple IPs with a comma).

Use this if you want to limit the users who can authenticate. For example, you can authenticate employees but not contracted vendors or third-party clients, or you can allow users to use SSO from within the office networks but not from other locations. If they attempt to access from an IP range other than those designated, ConceptShare presents the normal login fields (email and password).

Signing Enabled | This enables or disables validation of all received SAML authentication responses by the supplied certificate. If you select Yes, you need to upload the certificate details.
Choose Signing Certificate | Click Browse to upload your Signing Certificate.
Note: Perform this step if your SAML IdP does not expose a Federation Metadata URL.
Encrypting Enabled | This enables or disables using a certificate (*.CER) file for decrypting SAML responses from the IdP. If you select Yes, you need to upload the certificate details.
Choose Encrypting Certificate | Click Browse to upload your encrypting Certificate file.
Note: Perform this step if your SAML IdP does not expose a Federation Metadata URL.
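
The SSO Binding choice above comes down to how the authentication request is encoded on the wire. The following is an added example, not ConceptShare code: it applies the standard SAML 2.0 encodings for both bindings to a constructed request and shows why a message carrying an embedded signature outgrows a redirect URL. The endpoint, issuer, 2048-character URL limit and the stand-in signature block are all assumptions made for illustration.

```python
import base64
import hashlib
import urllib.parse
import zlib

URL_LIMIT = 2048  # assumed conservative URL length limit; real limits vary by browser and proxy

def authn_request(extra: str = "") -> str:
    """Constructed AuthnRequest; the ID, issuer and URLs are placeholders."""
    return (
        '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_example123" '
        'Version="2.0" IssueInstant="2024-01-01T00:00:00Z" '
        'Destination="https://idp.example.com/sso">'
        '<saml:Issuer>https://sp.example.com/metadata</saml:Issuer>'
        f'{extra}</samlp:AuthnRequest>'
    )

def fake_signature_block(n_bytes: int = 3000) -> str:
    """Stand-in for an embedded signature and certificate (not a real XML signature)."""
    out, seed = b"", b"constructed"
    while len(out) < n_bytes:  # deterministic, incompressible filler
        seed = hashlib.sha256(seed).digest()
        out += seed
    return "<Signature>" + base64.b64encode(out[:n_bytes]).decode("ascii") + "</Signature>"

def encode_redirect(xml: str, sso_endpoint: str) -> str:
    """HTTP-Redirect: raw DEFLATE, base64, then URL-encode into the query string."""
    comp = zlib.compressobj(wbits=-15)  # negative wbits: raw DEFLATE, no zlib header
    deflated = comp.compress(xml.encode("utf-8")) + comp.flush()
    query = urllib.parse.urlencode({"SAMLRequest": base64.b64encode(deflated).decode("ascii")})
    return f"{sso_endpoint}?{query}"

def decode_redirect(url: str) -> str:
    """Recover the XML from a redirect URL, e.g. one taken from a proxy log."""
    value = urllib.parse.parse_qs(urllib.parse.urlsplit(url).query)["SAMLRequest"][0]
    return zlib.decompress(base64.b64decode(value), wbits=-15).decode("utf-8")

def encode_post(xml: str) -> str:
    """HTTP-POST: base64 only; the value is sent in a form field, not the URL."""
    return base64.b64encode(xml.encode("utf-8")).decode("ascii")

def fits_redirect(xml: str, sso_endpoint: str) -> bool:
    return len(encode_redirect(xml, sso_endpoint)) <= URL_LIMIT

if __name__ == "__main__":
    endpoint = "https://idp.example.com/sso"  # placeholder SSO Endpoint
    for label, xml in (("plain", authn_request()), ("signed", authn_request(fake_signature_block()))):
        print(label, len(encode_redirect(xml, endpoint)), fits_redirect(xml, endpoint))
```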

SAML Login Screen Details

Field | Description
Login title | Enter a title to display on the login screen.
Login text | Enter the instructions to display on the login screen.
Support Link #1 | Enter the link text and link URL.
Support Link #2 | Enter the link text and link URL.

Force SAML

Field | Description
Force SAML login? | This enables or disables logging in using a manually generated password. It can then be customized to have it applied to all users or to specific domains only. If you select No, users can use SAML to log in, or they can use a manually created password subject to the constraints specified in the account settings.

Just In Time Provisioning

Field | Description
Enable JIT provisioning | This enables or disables the creation of users upon authentication if they are not yet ConceptShare users.

Use the Default account role and Default project role menus to specify what default roles are assigned to new users. ConceptShare recommends using a role with limited access because an account administrator can always update user roles if further access is needed.

Inactive users cannot use this method to have their ConceptShare account reactivated.
Important: If your email domain is changing, make the changes to the ConceptShare username before the users authenticate, or else a new and entirely independent user will be created, and the two resources cannot be merged.

If you select No, users must have an Active status in ConceptShare before they are able to authenticate.