SAML Service Provider Setup

Introduction

This guide gives an overview of how to configure an application to work with Acceptto’s SSO service, which allows access to the application using Acceptto authentication technology. You will be configuring your application to act as a Service Provider and configuring Acceptto to act as an Identity Provider.

Requirements
  1. Acceptto Appliance configured to connect to your user directory
  2. An Acceptto Organization account, with access to an administrative user
  3. An Application that supports SAML 2.0 authentication
Set Up a SAML Application
  1. Log in to Acceptto with a user account that has administrative privileges.
  2. Click on the “Applications” option on the menu bar.
  3. Click on the “New Application” button.
  4. On the “Add Application” form, enter the following:
    1. App Name - Application name to be displayed in the admin panel and application portal
    2. Issuer or EntityID - The Issuer/EntityID of the SAML application. For example: ‘google.com/a/org.com’
    3. Sign In URL - The URL used to sign in to the application
    4. Metadata URL - The URL that serves the SAML application’s metadata
  5. Click “Save” to create the application.
  6. Note: Clicking the “Advanced Options” button allows additional optional configuration such as encryption certificates or custom attribute assertions.

Configure your SAML Application with Acceptto
  1. On the Add Application Page, select ‘Identity Provider Configuration’
  2. Use the configuration data on the settings page to configure your application:
    1. Identity Provider Issuer. This is the name of the SAML issuer. It may be referred to as the “EntityID” or “Idp Name”
    2. Single Sign-On URL. This is the URL to which the SP sends SAML requests. It may be referred to as the “SAML Endpoint” or “SSO URL”
    3. X509 Certificate. This is the certificate used to validate SAML tokens.
    4. NameIdFormat. This is the user name format in which the user’s identity is asserted to the SAML application.
  3. Using the above data, configure your application according to the vendor instructions.
  4. If your application requires any additional attribute assertions, access the admin panel and add them via the “Advanced Options” button on the “Add Application” form.
  5. It is recommended to test your application by configuring a separate URL for SAML in addition to the normal authentication URL, so that SAML can be tested while the local authentication option remains available.
Support

If you require assistance, please email us at support@acceptto.com
