View Source

Configure the authentication server for SAML integration as described below.

To configure the authentication server parameters for SAML integration

Open the Settings application.
In the left-side menu of the Settings application page, select SAML to open the SAML configuration page.
In the Configuration tab of the SAML configuration page, turn on the Enable SAML authentication switch.
Specify the values of the SAML parameters and click the Save button.
Wait for the message confirming that the SAML configuration was saved successfully.
Select the Identity provider metadata tab and upload the Identity Provider metadata by doing one of the following:
- Click the Upload button and select the XML file with the Identity Provider metadata.
- Copy the XML file's content directly into the Identity provider metadata tab.
Click the Save button to save the uploaded metadata.
If the authentication server is deployed separately from Web Application Platform, restart the authentication server.

SAML parameters

Parameter	Description	Default value
Entity ID	The entity ID of the Service Provider. It can be any string of your choice.	com.nomagic.authentication.server
Name ID format	The name ID format that contains the username of the authenticated user.	urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName
Name ID attribute	The SAML user attribute to map to the Teamwork Cloud username instead of the SAML user name ID, which is used by default.	-
Signature algorithm	SAML integration requests a signature algorithm.	RSA-SHA256
AllowCreate Name ID policy	If enabled, adds the AllowCreate attribute to the NameIDPolicy parameter in the SAML request.	Switched on
Disable forced authentication	Sets ForceAuthn to true or false in the AuthnRequest in SAML-based authentication. Change it carefully, as you won't be able to log in with another user after logging out if this switch is turned on. This flag is only used in case the Identity Provider does not support single logout.	Switched off
AuthN contexts	(Optional) If AuthN contexts need to be used, fill in one AuthN context per line.	-
AuthN contexts comparison type	If AuthN contexts are used, select the AuthN Context comparison type.	exact
SAML button title	The button title displayed for the SAML user on the login page.	SAML
Show SAML authentication detailed error	If enabled, a detailed SAML authentication error text is displayed for users.	Switched off
Login RelayState format	The RelayState format for the authentication request.	uuid
Logout RelayState format	The RelayState format for the logout request.	uuid
SAML user attributes for conditional user groups	A list of SAML attributes (one attribute per line) that can be used while defining conditions for conditional user groups. Learn more about conditional user groups.	-