Create SAML Authorization Provider

The following section covers how to setup an SAML authorization provider for user authentication

Log on to ASI and navigate to Settings

From the index on the left, select Access Management then Authorization Providers

You will then be presented with the Authorization Providers page

• Click the CREATE button in the top right of the page which will bring up an option list of provider types.
• Click SAML

You will then be presented with the Create Identity Provider page

Define the attributes for SAML authentication:

Property	Description	Required
Alias	The alias uniquely identifies an identity provider and it is also used to build the redirect uri	true
Display Name	Friendly name for the Authorization Provider	false
Import config from file	Import metadata from a downloaded IDP discovery descriptor	true
File/URL descriptor import	URL to the IDP discovery descriptor	true
Service provider entity ID	The Entity ID that will be used to uniquely identify this SAML Authorization Provider	true
Identity provider entity ID	The Entity ID used to validate the Issuer for received SAML assertions. If empty, no Issuer validation is performed	true
Single Sign On Service URL	The URL that must be used to send authentication requests (SAML AuthnRequest)	true
Single Logout Service URL	The URL that is used to send logout requests	false
NameID policy format	Specifies the URI reference corresponding to a name identifier format	true
Principal Type	Way to identify and track external users from the assertion. Default is using Subject NameID	true
HTTP-POST binding response	Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used	false
HTTP-POST binding AuthnRequest	Indicates whether the AuthnRequest must be sent using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used	false

Microsoft Entra ID

To configure a SAML authorization provider that connects to your Microsoft Entra ID tenant, pleae follow the steps documented here.