Sym can be configured to work with any external Identity Provider (IdP) that supports SAML 1.1 or SAML 2.0.
Follow this guide to configure Sym as a SAML Service Provider, using your Identity Provider (IdP) for SSO.
The first step is to get the relevant metadata and certificate from your IdP.
Note: Some Identity Providers will allow you to download a metadata xml file that contains the information listed below.
- SSO URL: This is the URL from the IdP that authentication requests are sent to.
- Logout URL: This is the URL that SAML logout requests should be sent to.
- Signing certificate: This is the certificate used to validate the signature of the signed assertions.
You should be able to download the signing certificate from the IdP. This certificate needs to be in the .pem or .cer format.
Use your shared Slack channel or support email to send the metadata and certificate to Sym.
Sym will take this metadata and certificate and configure your account. We will then send you back additional configuration information for your IdP, in the form of a metadata file.
Note: Some Identity Providers will allow you to upload a metadata xml file that contains the configuration data provided by Sym.
Navigate to the SAML configuration screen in your Identity Provider. If your IdP supports uploading a metadata file, you will be able to upload the metadata file provided by Sym. Otherwise, follow the steps below.
Configure Assertion Consumer Service URL or Application Callback URL. This will be in the format
If your IdP supports Audience or Entity ID field based on the Entity ID provided:
If your IdP supports a choice for bindings, choose HTTP-Redirect for Authentication Requests.
Configure Single Logout Service URL as
Configure Signing Logout Requests. Ensure that SAML Logout Requests are signed.
Now that you have your Identity Provider configured, its time to test!
- Ask Sym to validate the configuration.
symflow login(read more about symflow), which will launch your Identity Provider and enable you to log in.
Updated about 1 year ago