
Connecting and Configuring SAML Applications in Cloudentity

This article guides you through the process of connecting SAML applications that you want to protect in Cloudentity.

About SAML Client Applications in Cloudentity

Turn on SAML in your tenant

SAML support is disabled by default. To enable it in your tenant, please contact the Cloudentity sales team.

In Cloudentity, an application is defined as a client plus a service. A client is either an OAuth 2.0 client or a SAML Service Provider (SP).

This document covers the configuration of a SAML Service Provider. When you connect a SAML client application, Cloudentity acts as the SAML identity provider for it: it exposes a SAML SSO login endpoint and a metadata endpoint for the application and protects the application's resources by enforcing the assigned policies (such as MFA requirements for users).

Prerequisites

  • You have login credentials to Cloudentity.
  • You have created a workspace or a developer portal that you want to create your application in.

Create SAML Application

  1. In the selected workspace, select Applications > Clients from the sidebar.

  2. Select Create client.

  3. In the client form

    1. Select the SAML Service Provider application type.

    2. Give your SAML SP a meaningful name.

    3. Select CREATE to proceed.

Result

Your application has been created and you are redirected to its Overview for further configuration.

Configure SAML Client Application

  1. In the Overview tab, configure the basic settings for your application.

    1. Update Name and Description.

    2. Enter Privacy Policy, which is a link to application usage related policy statements (included as part of the consent screen).

    3. Enter Terms of service, which is a link to application terms and conditions (included as part of the consent screen).

    4. Enter Client Details, which is a link to details on the client application and/or company (included as part of the consent screen).

    5. Select SAVE CHANGES when you’re done configuring Overview.

    Note

    In the Overview tab, you can also delete the application by selecting DELETE APPLICATION.

  2. Select the SAML tab and upload the service provider metadata. This is the XML document describing your service provider (its entityID, Assertion Consumer Service URL and signing certificate) for which Cloudentity will expose the SAML SSO login endpoint.

  3. Go to Policies and assign the policies that govern this application in different scenarios. See the Cloudentity policy documentation for details.

    1. Select User policy (a set of conditions for the user to access the client application).

    2. Select Machine token policy, which applies when the application obtains tokens through the Client Credentials (machine-to-machine) flow.

  4. Select the Endpoints tab to check the SAML SSO and Metadata endpoints that Cloudentity exposes for this application. Your service provider is configured against these endpoints to complete the trust relationship on its side.

  5. Select the Metadata tab to identify information on the application developer or configure metadata of the application itself.

    Work with Metadata

    For more information on how to preview information on the application developer or configure metadata on the application, see Identifying developers metadata for applications and Configuring application metadata, respectively.
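The two metadata documents exchanged in this procedure (the SP metadata you upload in the SAML tab, and the IdP metadata Cloudentity serves at the Metadata endpoint) are where trust is actually established, so it is worth checking them before use. The Python below is an added example, not code from Cloudentity: it builds a minimal SP metadata document that requests signed assertions and announces signed AuthnRequests, then sanity-checks both an SP document and an IdP document (signing certificate present, SSO endpoint present and served over TLS). All hostnames, entityIDs and certificate values are placeholders, and the IdP metadata is a constructed sample shaped like a standard SAML 2.0 IdP descriptor.

```python
"""Build and sanity-check SAML 2.0 metadata for a Cloudentity SAML SP client.
Added example, not Cloudentity code; URLs, entityIDs and certs are placeholders."""
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
SAML2_PROTOCOL = "urn:oasis:names:tc:SAML:2.0:protocol"
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
HTTP_REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
ET.register_namespace("md", MD)
ET.register_namespace("ds", DS)


def build_sp_metadata(entity_id, acs_url, signing_cert_b64):
    """Return SP metadata (bytes) to upload in the SAML tab.
    AuthnRequestsSigned/WantAssertionsSigned=true: the SP signs its requests
    and will reject unsigned assertions, so tampering is caught on both sides."""
    root = ET.Element(f"{{{MD}}}EntityDescriptor", entityID=entity_id)
    sp = ET.SubElement(root, f"{{{MD}}}SPSSODescriptor",
                       protocolSupportEnumeration=SAML2_PROTOCOL,
                       AuthnRequestsSigned="true", WantAssertionsSigned="true")
    key = ET.SubElement(sp, f"{{{MD}}}KeyDescriptor", use="signing")
    x509 = ET.SubElement(ET.SubElement(key, f"{{{DS}}}KeyInfo"), f"{{{DS}}}X509Data")
    ET.SubElement(x509, f"{{{DS}}}X509Certificate").text = signing_cert_b64
    ET.SubElement(sp, f"{{{MD}}}NameIDFormat").text = \
        "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
    ET.SubElement(sp, f"{{{MD}}}AssertionConsumerService", Binding=HTTP_POST,
                  Location=acs_url, index="0", isDefault="true")
    return ET.tostring(root, encoding="utf-8", xml_declaration=True)


def _signing_certs(descriptor):
    """Collect X509 signing certificates (whitespace stripped) from a role descriptor."""
    certs = []
    for kd in descriptor.iterfind(f"{{{MD}}}KeyDescriptor"):
        if kd.get("use", "signing") != "signing":  # no 'use' means signing and encryption
            continue
        cert = kd.find(f"{{{DS}}}KeyInfo/{{{DS}}}X509Data/{{{DS}}}X509Certificate")
        if cert is not None and cert.text:
            certs.append("".join(cert.text.split()))
    return certs


def check_sp_metadata(xml_bytes):
    """Sanity-check SP metadata before uploading it to Cloudentity."""
    root = ET.fromstring(xml_bytes)
    sp = root.find(f"{{{MD}}}SPSSODescriptor")
    if sp is None:
        raise ValueError("no SPSSODescriptor: this is not SP metadata")
    acs = [a.get("Location") for a in sp.iterfind(f"{{{MD}}}AssertionConsumerService")]
    if not acs or not all(u.startswith("https://") for u in acs):
        raise ValueError("every AssertionConsumerService must be an https URL")
    return {"entity_id": root.get("entityID"), "acs": acs,
            "want_assertions_signed": sp.get("WantAssertionsSigned") == "true",
            "signing_certs": _signing_certs(sp)}


def check_idp_metadata(xml_bytes):
    """Extract what the SP must pin from IdP metadata; refuse unusable documents.
    Metadata fetched over the network is untrusted: in production parse it with
    defusedxml (drop-in for ElementTree) to rule out entity-expansion attacks."""
    root = ET.fromstring(xml_bytes)
    idp = root.find(f"{{{MD}}}IDPSSODescriptor")
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this is not IdP metadata")
    sso = {s.get("Binding"): s.get("Location")
           for s in idp.iterfind(f"{{{MD}}}SingleSignOnService")}
    certs = _signing_certs(idp)
    if not certs:
        raise ValueError("IdP publishes no signing certificate; assertions cannot be verified")
    if not (sso.keys() & {HTTP_POST, HTTP_REDIRECT}):
        raise ValueError("IdP exposes no HTTP-POST or HTTP-Redirect SSO endpoint")
    if not all(u.startswith("https://") for u in sso.values()):
        raise ValueError("refusing an SSO endpoint that is not served over TLS")
    return {"entity_id": root.get("entityID"), "sso": sso, "signing_certs": certs}


# Constructed sample IdP metadata (placeholder host and certificate value).
SAMPLE_IDP_METADATA = b"""<?xml version="1.0" encoding="UTF-8"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://idp.example.invalid/saml/idp">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>UExBQ0VIT0xERVItSURQLUNFUlQ=</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://idp.example.invalid/saml/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""

if __name__ == "__main__":
    sp_xml = build_sp_metadata("https://sp.example.invalid/saml/metadata",
                               "https://sp.example.invalid/saml/acs",
                               "UExBQ0VIT0xERVItU1AtQ0VSVA==")  # placeholder cert
    print(sp_xml.decode(), check_sp_metadata(sp_xml), check_idp_metadata(SAMPLE_IDP_METADATA))
```

The checks are deliberately strict about TLS and about the presence of a signing certificate: an IdP document without a certificate leaves the SP unable to verify any assertion, and an ACS or SSO URL over plain HTTP exposes the SAML response (and the session it mints) to interception.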

Result

Your application is available in the Client Applications view of your workspace and ready for use.

Updated: Oct 26, 2022