
Configure SAML

Note

You can only have one SSO provider type enabled at a time.

Table 28. SAML Configuration Settings

| Field | Description |
| --- | --- |
| Provider name | The login provider name. |
| Service provider | The URL assigned to the service provider in a SAML-based federation. Make sure it matches the URL provided to your IdP. |
| Identity Provider | The URL assigned to the identity provider in a SAML-based federation. |
| Enable/Disable toggle | Enables or disables the login provider. If disabled, the button will not be shown on the login page. |
| Metadata document (if applicable) | If the IdP URL does not serve the metadata document, configure a custom endpoint here. Alternatively, upload your own metadata document. Caution: If a metadata document is not served/uploaded and a custom endpoint is not configured, all login attempts will fail. |
| Certificate (if applicable) | If message encryption is enabled by the identity provider, the certificate will be used for decryption. |
| Claim mappings | The expected claims sent by the identity provider are email, given_name and family_name. If the IdP uses different claim types, remap them here. |



Claim Mappings

Any configured identity provider must provide the following three claims:

  • email, containing the user’s email address

  • given_name, containing the user’s given name

  • family_name, containing the user’s family name

If the identity provider uses different claim types, a custom mapping can be configured via the UI.
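
Before entering a mapping in the UI, it helps to check a captured assertion from the IdP against the three required claims. The following is an added example, not code from the product: the sample assertion, the mapping and the function names are constructed, and it assumes the mapping is keyed on the SAML Attribute Name and that an empty value counts as missing.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
REQUIRED_CLAIMS = ("email", "given_name", "family_name")

# Constructed sample: attribute statement from a hypothetical IdP that sends
# schema-style claim URIs for two claims and an empty family_name.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
      <saml:AttributeValue>ada@example.com</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname">
      <saml:AttributeValue>Ada</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="family_name">
      <saml:AttributeValue> </saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

# Hypothetical mapping (IdP claim type -> expected claim), as it would be set in the UI.
CLAIM_MAPPING = {
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress": "email",
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname": "given_name",
}

def extract_claims(assertion_xml, mapping):
    """Return {claim_name: value} with IdP claim types renamed via the mapping."""
    # Inspection only: this does not verify the assertion's signature or decrypt
    # it, so run it on an assertion you captured yourself, not on untrusted input.
    root = ET.fromstring(assertion_xml)
    claims = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        name = attr.get("Name", "")
        value = attr.find("saml:AttributeValue", NS)
        text = (value.text or "").strip() if value is not None else ""
        claims[mapping.get(name, name)] = text
    return claims

def missing_claims(assertion_xml, mapping):
    """List required claims that are absent or empty once the mapping is applied."""
    claims = extract_claims(assertion_xml, mapping)
    return [c for c in REQUIRED_CLAIMS if not claims.get(c)]

if __name__ == "__main__":
    print("missing:", missing_claims(SAMPLE_ASSERTION, CLAIM_MAPPING))
```

An empty result means the assertion carries all three claims under the configured mapping; any name it returns needs either a mapping entry or a change on the IdP side.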

Redirect URLs

Once you've finished configuring your SAML setup, the last step is to add the ACS consumer URLs to your identity provider. The companyShortName is a unique identifier for your tenant inside our systems. It can be found in the URLs provided to you for Process Designer or Process Navigator.

For example, the URLs for a company called Celonis would be:

  • in Process Designer: https://symbioweb.com/celonis/demoStorage

  • in Process Navigator: https://navigator.symbio.cloud/celonis

| Region | URLs |
| --- | --- |
| West Europe | SAML2 ACS Consumer URL: https://auth.symbio.cloud/companyShortName-saml2/Acs |
| East Europe | SAML2 ACS Consumer URL: https://auth.us-1.symbio.cloud/companyShortName-saml2/Acs |
| Japan | SAML2 ACS Consumer URL: https://auth.jp-1.symbio.cloud/companyShortName-saml2/Acs |

Customization

To configure a SAML2 identity provider, a custom metadata document can either be referenced via URI or uploaded. Likewise, a custom certificate file can be uploaded. For more information on certificates, refer to Certificate management for SAML single sign-on.