Edit SAML-Based IdP Connection Details

About this task

To edit a SAML-based IdP connection:

Procedure

  1. In the SOTI Identity Admin Console, open the main menu and select Directories/IDP.
  2. Select the IdP connection you want to edit and then click Edit in the Actions bar along the bottom of the screen.
  3. In the Edit IdP Configurations dialog box, edit the IdP connection as needed.
    Name: Enter the name of the IdP connection. SOTI Identity checks the availability of the name within its system. Unavailable names are flagged and you cannot save the IdP connection until it is updated.
    IdP Metadata File: Click Import to upload the IdP's metadata file into the SOTI Identity system. This metadata file contains information necessary to create a link between the IdP and SOTI Identity. If you do not have an IdP metadata file, you must fill in the IdP connection information manually.
    IdP Entity ID: Enter the globally unique identifier for the SAML IdP. The IdP Entity ID can be obtained from your IdP administrator. SOTI Identity checks the availability of the IdP Entity ID within its system. Unavailable IDs are flagged and you cannot save the IdP connection until it is updated.
    SSO URL: Enter the IdP SSO login URL. SOTI Identity uses this URL to initiate the SSO login sequence. The IdP URL can be obtained from your IdP administrator.
    Note: SOTI Identity supports only HTTP-POST binding.
    Logout URL: Enter the URL to which users are redirected when they log out from the SOTI Identity console. If a Logout URL is not provided, users are redirected to a default logout page.

    When SOTI Identity logs out the user, it notifies the third-party IdP at this URL so that the IdP can log out the user itself (and perform any other expected actions). If a third-party IdP informs SOTI Identity that a user is logging out, SOTI Identity responds to the third-party IdP at this URL.

  4. Map a new verified domain to the SAML-based connection.
  5. Upload a certificate that authenticates your IdP. Click to open a file explorer window. Navigate to the certificate and upload it to SOTI Identity.
    You can upload multiple certificates to SOTI Identity. The certificates are evaluated in the order they appear here, starting from the top, until a valid certificate successfully authenticates the IdP.

    Certificates must be in either DER-encoded binary X.509 or Base64-encoded X.509 format.

  6. Update the user attributes.
    Email: This refers to the keyword defining the search filter for fetching the user's email address.
    First Name: This refers to the keyword defining the search filter for fetching the user's first name.
    Last Name: This refers to the keyword defining the search filter for fetching the user's last name.
    Member of: This refers to the keyword defining the search filter for fetching the user's group membership details.
    Delimiter for Multiple "Member of": This refers to the delimiter keyword defining the search filter for fetching multiple users' group membership details.
  7. In the Map Additional User Attributes section, click to add additional user attributes. Enter a name for the user attribute and then select an attribute from the Mapped Attribute dropdown list.
  8. Click Update to save your changes.