SSO Settings

Overview

You can configure your single sign-on settings in the System Settings section of Builder.

Note that in order to edit these settings, a user must have the 'Edit System Settings' access option enabled as part of their user role. Users without this access option will be able to view the settings in read-only mode.

How to Configure Intelligent SSO Routing

Administrators can now map domain names (e.g., @yourcompany.com) to an SSO provider in Builder. By mapping domain names to an SSO provider, the system will use the domain of a user’s email address to instantly identify which SSO provider should handle their authentication.

To do this, navigate to the SSO Settings section of System Settings in Builder.

Once there, you can add, edit or delete Identity Providers and domains. Certificates can also be replaced or downloaded.

Adding an Identity Provider

To add a new Identity Provider, click on the plus icon. In the resulting pop-up, set a name and, optionally, a description, then choose to either import settings from a metadata file or enter settings manually.

For a full list of SSO provider attributes see the table below:

| Attribute | Description |
| --- | --- |
| Name | A unique, human-readable identifier for the identity provider. This field is required. |
| Logo for Login Page | Upload the logo for the provider. This logo will appear on the Enate login page. |
| Description | An optional free-text field to provide additional context or notes about the identity provider configuration. |
| Login Binding Type | Specifies the SAML binding method used for login requests (e.g. HTTP Post or HTTP Redirect). Determines how authentication requests are transmitted to the IdP. |
| Logout Binding Type | Specifies the SAML binding method used for logout requests (e.g. HTTP Post or HTTP Redirect). Determines how logout requests are sent to the IdP. |
| Allow Identity Provider Initiated Login | A toggle/checkbox that, when enabled, allows users to initiate a login session directly from the identity provider without a prior service provider request. |
| Identity Provider ID | A unique identifier (typically a URI) that distinguishes this identity provider. Used by the service provider to reference the correct IdP during SAML exchanges. This field is required. |
| Single Logout URL | The endpoint URL on the identity provider to which logout requests and responses are sent, enabling a coordinated single logout across all active sessions. |
| Single Sign-On URL | The endpoint URL on the identity provider that receives and processes SAML authentication requests. This field is required. |
| User Identifier Claim | The SAML assertion attribute used to uniquely identify the authenticated user (e.g. email or username). This field is required. |
| Identity Provider Certificate | The X.509 public certificate provided by the identity provider, used to verify the digital signature on SAML assertions. Accepts DER or Base-64 encoded certificates. This field is required. |

Editing / Deleting Identity Providers

To edit an Identity Provider's details, click on the relevant provider row to bring up the provider details pop-up. You can then edit the details of that provider.
