Single Sign-On with SAML
For Enterprise accounts, Nirmata supports Single Sign-On (SSO) with SAML 2.0. This feature allows enterprise administrators to manage their users in a secure and easy manner. For example, when an employee is on-boarded to, or leaves, the enterprise the administrators can enable, or disable, their account in a single place for all enterprise services. This feature also makes life easier for enterprise users as they can authenticate once, and access all enabled services without managing separate passwords and accounts.
SAML (Security Assertions Markup Language) is a protocol that defines how systems can exchange security data. The following references are useful in understanding SAML:
The SAML protocol is defined at: Security Assertion Markup Language (SAML) V2.0 Technical Overview - OASIS.
Although SAML is a complex protocol, Nirmata makes it extremely easy to setup and manage. Here are the detailed steps:
- In your Account view (Settings, Account) select the option "Enable Single Sign-On with SAML":
- This option provides a dialog where you can upload the SAML metadata file of your Identity Provider (IdP) e.g. ADFS 3.0. Or, you can manually configure your IdP settings.
SAML IdP Metadata import:
SAML IdP manual configuration:
- Next, export your account’s Nirmata SAML Service Provider (SP) metadata and import that into your IdP. To export the SP Metadata go to Settings - SAML 2.0 and click on the View SP Metadata option. You can then copy the metadata or download it to a file.
To complete the setup, you can now import the SAML SP Metadata into your IdP. If you are using Microsoft AD FS (Active Directory Federation Services) follow the steps at Setup AD FS for use with Nirmata to configure ADFS for SSO with Nirmata.
Thats it! You now have SAML fully configured!
Note: By default, self-signed certificates are used to sign and encrypt the data. In order to use CA signed certificates, see Using CA signed SAML signature certificates.