When integrating SMA 1000 with a SAML IdP such as Azure or Okta for user authentication, administrators have to rely on the IdP's own instructions about its endpoints to configure the SMA. This makes integrating popular IdPs with the SMA difficult, especially when an IdP changes its user interface. To address this, the SMA, as a standards-compliant SAML service provider, has been enhanced to support SAML metadata: a standard document that carries the IdP's endpoint configuration (entity ID, single sign-on URLs and signing certificate) and removes the need to enter the SAML endpoints by hand. This lets administrators configure any SAML IdP as an authentication server.
Prerequisites:
An administrator account on any SAML IdP.

To configure SAML IdP authentication in CMS:
1. Download the SAML IdP metadata from the IdP.
2. In the CMS, navigate to Managed appliance > Configure > Define Policy, and under the System Configuration group click Authentication Servers.
3. Click + New and select SAML 2.0 Identity Provider as the Authentication directory to create an authentication server.
4. In the Identity Provider Configuration group, click Choose File and select the metadata.xml downloaded in step 1.
5. Click Import.
All of the IdP configuration fields are populated with the values from the metadata, including the IdP certificate.

When you import the metadata file under an authentication server, the CA certificate for SAML verification is enabled by default. In addition, the imported CA certificates are displayed under SSL Settings > CA Certificate with SAML verification enabled.

You can also download the appliance configuration as an XML file and import it into the Identity Provider configuration.