Configuring SAML settings for SSO

If you're a network administrator, you can enable SAML (SSO) authentication and configure it to work with Alfresco.
This involves setting up the exchange of metadata between the identity provider (IdP) and the service provider (SP). The IdP metadata includes the required IdP URLs and the certificate.

SAML Configuration
Note: If you do not have an Alfresco account and you have been successfully authenticated by the IdP, an Alfresco registration page will be displayed.
  1. Open the user menu on the toolbar and click Account Settings.
  2. Click Single Sign-On (SAML).
  3. Select the Enable SAML (SSO) Authentication option.
  4. Enter the Identity Provider (IdP) settings:

    • IdP AuthenticationRequest Service URL – The URL to which the authentication request from Alfresco is posted. It redirects you to your company's login page, where you authenticate.
    • IdP SingleLogoutRequest Service URL – The URL to which a logout request from Alfresco is posted when you log out of Alfresco Share. It logs you out of Alfresco and any other applications using the SSO solution.
    • IdP SingleLogoutResponse Service URL – The URL to which a logout response from Alfresco is posted when Alfresco receives a logout request from your IdP.
  5. Click Upload to browse to and upload an IdP certificate.

    This is used to validate requests and responses from your IdP.

    The Entity Identification (Issuer) and the SAML Entrypoint URL are generated automatically and can't be edited.

    • The Entity Identification (Issuer) is the issuer's domain name.
    • The SAML Entrypoint URL is the address for internal users to access Alfresco through SAML SSO.
      Note: For security reasons, this URL works only for users with emails from your network domain, so it should not be shared with external users. External users that are registered in your IdP cannot log in using SSO; however, they can still log in through the normal Alfresco login screen.
  6. Download the SP metadata, which contains the required URLs and the certificate.

    You will need to provide these to your IdP.

  7. Click Save.

You have now configured the SSO settings. You can disable these settings by deselecting Enable SAML (SSO) Authentication. Click Reset to restore the last saved configuration.

Now you need to configure the PingFederate identity provider to work with Alfresco SAML SSO. See Configuring PingFederate to work with Alfresco SAML SSO.
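
The values entered in steps 4 and 5 can be read out of the IdP metadata file and checked before they go into the form. The following is an added example, not part of the Alfresco documentation: it assumes standard SAML 2.0 metadata with HTTP-POST bindings, the mapping of metadata endpoints to the three form fields is an assumption, and idp.example.com and the certificate bytes are constructed placeholders.

```python
import base64, hashlib
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
FAKE_DER = b"constructed-placeholder-not-a-real-certificate"  # constructed sample data
SAMPLE = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="https://idp.example.com">
 <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>
   {base64.b64encode(FAKE_DER).decode()}</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  <md:SingleLogoutService Binding="{POST}" Location="https://idp.example.com/slo"
      ResponseLocation="https://idp.example.com/slo/response"/>
  <md:SingleSignOnService Binding="{POST}" Location="http://idp.example.com/sso"/>
 </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def idp_settings(metadata_xml):
    """Return (form values, problems) read from SAML 2.0 IdP metadata."""
    # Only parse metadata from your own IdP: ElementTree is not hardened against hostile XML.
    idp = ET.fromstring(metadata_xml).find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor in metadata")
    def endpoint(tag, attr="Location"):
        return next((e.get(attr) for e in idp.findall(f"md:{tag}", NS)
                     if e.get("Binding") == POST), None)
    settings = {
        "IdP AuthenticationRequest Service URL": endpoint("SingleSignOnService"),
        "IdP SingleLogoutRequest Service URL": endpoint("SingleLogoutService"),
        # ResponseLocation is optional; without it, responses go to Location.
        "IdP SingleLogoutResponse Service URL":
            endpoint("SingleLogoutService", "ResponseLocation") or endpoint("SingleLogoutService"),
    }
    problems = [f"{k}: missing" if not v else f"{k}: not HTTPS"
                for k, v in settings.items() if not v or urlparse(v).scheme != "https"]
    cert = next((c for kd in idp.findall("md:KeyDescriptor", NS)
                 if kd.get("use") in (None, "signing")
                 for c in kd.iter(f"{{{NS['ds']}}}X509Certificate")), None)
    if cert is None or not (cert.text or "").strip():
        problems.append("signing certificate: missing")
    else:
        der = base64.b64decode("".join(cert.text.split()))
        settings["certificate SHA-256"] = hashlib.sha256(der).hexdigest()
    return settings, problems

if __name__ == "__main__":
    print(*idp_settings(SAMPLE), sep="\n")
```

Compare the printed SHA-256 fingerprint with the one your IdP administrator gives you through a separate channel before uploading the certificate in step 5.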
