SAML (Security Assertion Markup Language) is a federated authentication standard that allows users to authenticate through an external identity provider (IdP) such as Okta, Azure AD, or Google Workspace.
What it is used for
- Implement corporate Single Sign-On (SSO)
- Authenticate users without local passwords
- Integrate with enterprise identity providers
- Centralize access management in the corporate IdP
Configuration
| Field | Description |
|---|---|
| Provider | Identity provider name |
| Metadata URL | Application federation metadata URL |
| IdP entity ID | Identity provider identifier |
| IdP SSO URL | Single sign-on URL |
| SP entity ID | Service Provider identifier (Gredit) |
| Reply URL | Assertion Consumer Service (ACS URL) |
| Name format | Name identifier format |
| ACS binding | Assertion Consumer Service binding |
| Certificate | SAML signing certificate (Base64) |
Attribute mapping
| Attribute | Description |
|---|---|
| Username | SAML attribute containing the username |
| First name | Attribute containing the first name |
| Last name | Attribute containing the last name |
| Email | Attribute containing the email address |
| Roles | Attribute containing the assigned roles |
How it works
- The user accesses Gredit with their username.
- If the user's authentication origin is SAML, they are redirected to the configured IdP.
- After the user authenticates at the IdP, the IdP sends a signed SAML assertion to Gredit's Reply URL (the ACS URL).
- Gredit validates the assertion, creates or updates the user, and assigns roles based on the attribute mapping.
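The validation step above, as an added example that is not Gredit's code: once the assertion's XML signature has been verified against the configured certificate (left to a SAML library here), the Service Provider still has to check the issuer against the IdP entity ID, the audience against the SP entity ID, the validity window, and then apply the attribute mapping. All entity IDs, URLs, attribute names and the sample assertion are constructed placeholders.

```python
# Added example, not Gredit's code: the checks a Service Provider applies to a SAML assertion
# after its XML signature was verified with the configured certificate, then the attribute
# mapping. Every URL, entity ID and attribute name below is a constructed placeholder.
from datetime import datetime, timezone
import xml.etree.ElementTree as ET  # prefer defusedxml.ElementTree in production

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
CONFIG = {  # constructed counterparts of the IdP entity ID, SP entity ID and mapping fields
    "idp_entity_id": "https://idp.example.com/metadata",
    "sp_entity_id": "https://gredit.example.com/saml/metadata",
    "attribute_mapping": {"username": "uid", "email": "mail", "roles": "groups"},
}
# Constructed assertion as the IdP would deliver it to the ACS URL (Signature element omitted).
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_c1" Version="2.0" IssueInstant="2024-05-01T12:00:00Z">
  <saml:Issuer>https://idp.example.com/metadata</saml:Issuer>
  <saml:Conditions NotBefore="2024-05-01T12:00:00Z" NotOnOrAfter="2024-05-01T12:05:00Z">
    <saml:AudienceRestriction><saml:Audience>https://gredit.example.com/saml/metadata</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="uid"><saml:AttributeValue>alice</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="groups"><saml:AttributeValue>finance</saml:AttributeValue><saml:AttributeValue>admin</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""
NOW_VALID = datetime(2024, 5, 1, 12, 1, tzinfo=timezone.utc)    # inside the validity window
NOW_EXPIRED = datetime(2024, 5, 1, 12, 6, tzinfo=timezone.utc)  # past NotOnOrAfter

def _ts(value):  # SAML timestamps are UTC "Z"; fromisoformat needs "+00:00" before Python 3.11
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def validate_assertion(assertion_xml, config, now):
    """Return (user, errors): mapped attributes and [] when accepted, else None and every failed check."""
    root = ET.fromstring(assertion_xml)
    errors = []
    issuer = root.findtext("saml:Issuer", namespaces=NS)
    if issuer != config["idp_entity_id"]:  # only the configured IdP may vouch for users
        errors.append(f"unexpected issuer {issuer!r}")
    cond = root.find("saml:Conditions", NS)
    if not (_ts(cond.get("NotBefore")) <= now < _ts(cond.get("NotOnOrAfter"))):
        errors.append("assertion outside its validity window")
    audiences = [a.text for a in cond.iterfind("saml:AudienceRestriction/saml:Audience", NS)]
    if config["sp_entity_id"] not in audiences:  # reject assertions minted for another SP
        errors.append("assertion not intended for this SP")
    attrs = {a.get("Name"): [v.text for v in a.iterfind("saml:AttributeValue", NS)]
             for a in root.iterfind("saml:AttributeStatement/saml:Attribute", NS)}
    # Roles keep every value; single-valued fields take the first value, or None when absent.
    user = {field: attrs.get(name, []) if field == "roles" else (attrs.get(name) or [None])[0]
            for field, name in config["attribute_mapping"].items()}
    if not user["username"]:
        errors.append("username attribute missing from assertion")
    return (user, []) if not errors else (None, errors)
```

Returning every failed check rather than the first one gives the login record a complete rejection reason.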
Relationship with other modules
- Authenticates Users with a SAML origin
- Alternative to LDAP for SSO
- Recorded in Login records
- Roles are assigned based on the roles attribute mapping