Security Assertion Markup Language (SAML) Settings
SAML provides a way for your users to use a single login to access both your organization's internal systems and ConceptShare. Your access to these settings is dependent on your version of ConceptShare.
By using SAML, ConceptShare can contact your identity provider to authenticate users who are trying to access the account. This is how an organization would enable web browser single sign-on (SSO).
If enabled, SSO makes accessing ConceptShare easy for your users, while allowing your organization to control user names, passwords, and other information used to identify, authenticate, and authorize them through your Identity Provider (IdP).
Initial Terminology
| Term | Description |
|---|---|
| Assertion | This is a statement made by an identity provider stating that the users in question are validated and that they are who they say they are. |
| Identity Provider (IdP) | This is the service that validates identities and submits the validated identities to ConceptShare via Assertions. Among the common IdPs are:
Note: ConceptShare is specifically tested against ADFS 2.0, but you can configure it against most SAML providers.
|
| Service Provider (SP) | This is the system that provides services to end users. Among the common SPs are ConceptShare, SalesForce, and Google Apps. |
| Signing Certificate | This is a certificate (.CER) file generated by your system, which allows ConceptShare to validate digitally signed assertions from your system. |
| Encrypting Certificate | This is a (.CER) certificate provided by the IdP to enable ConceptShare to decrypt information that was sent as part of an assertion. |
Configuring SSO in ConceptShare
For instructions, see https://www.deltek.com/en/learn/blogs/deltek-workbook/2020/01/dev-blog-configuring-single-sign-on-in-conceptshare.
Updating a User Login
When a user's email address changes, make the appropriate changes in your Identity Manager, and then update the email address attached to the resource in ConceptShare. This will trigger an email from ConceptShare to the new email address to confirm the change. Until the change is confirmed, the user will not be able to log into ConceptShare.
If the original email is lost, you can resend the confirmation email by resubmitting the email change.