Create App to Single Sign On Users in IDP IDM Tenant

During our last exercise, we downloaded the Service Provider (SP) Metadata while configuring our 3rd Party IdP. Just as we previously provided the Identity Provider (IdP) Metadata to establish trust between our two Identity Manager Tenants, the Service Provider Metadata lets us create an application in our IDP IDM Tenant. That application defines how the SAML assertion is created, so that users from the IDP IDM Tenant can authenticate to the Main IDM Tenant by leveraging the established trust between them.

1. Add a New Application to Single Sign On Users

  1. Navigate to your IDP IDM Tenant Administrator Console tab.
    NOTE - Ensure you are navigating to your IDP IDM Tenant! The name will be "https://{tenantName}".
  2. Click Catalog.
  3. Click New.

1.1. Configure SaaS App Definition

  1. Scroll down to find the Name section and Next button.
  2. Enter "{YourTenant} SSO" for the Name.  
    NOTE - Be sure to replace {YourTenant} with the name of your Main IDM Tenant!
  3. Click Next.

1.2. Open the sp.xml File

  1. Click the File Explorer shortcut from the Task bar.
  2. Click the Downloads folder.
  3. Double-click the sp.xml file to open it.

1.2.1. Select the sp.xml File Text

Right-click anywhere in the sp.xml file and click Select All.

1.2.2. Copy the sp.xml File Text

Right-click again and click Copy.

1.3. Paste the Service Provider Metadata

Back in the IDP IDM Tenant Administrator Console:

  1. Scroll down to find the URL/XML section.
  2. Right-click within the URL/XML textbox.
  3. Click Paste.
  4. Click Next.

1.4. Configure the App Access Policies

  1. Select default_access_policy_set as the Access Policy.
  2. Click Next.

1.5. Save & Assign the SSO App

Click Save & Assign.

1.6. Assign to the ALL USERS Group

  1. Type "ALL USERS" into the User / User Groups search box.
  2. Select the ALL USERS group.

1.6.1. Set Up the Deployment Type and Save

  1. Select Automatic for the Deployment Type.
  2. Click Save.
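
Before pasting sp.xml in step 1.3, it is worth confirming that the file really is the Main IDM Tenant's SP metadata, because its AssertionConsumerService URL decides where the IDP IDM Tenant will send assertions. The Python check below is an added example, not part of the original lab: the sample metadata, the host main-tenant.example.com and the /sp/... paths are constructed placeholders, and check_sp_metadata is a hypothetical helper name.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD}

# Constructed sample SP metadata (placeholder host and paths, not a real tenant).
SAMPLE_SP_XML = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://main-tenant.example.com/sp/metadata">
  <md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:AssertionConsumerService index="0" isDefault="true"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://main-tenant.example.com/sp/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

def check_sp_metadata(xml_text, expected_host):
    """Parse SP metadata; return (summary, problems). Hypothetical helper."""
    # SAML metadata never needs a DTD, so refuse one instead of expanding entities.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD/entity declarations are not expected in SAML metadata")
    root = ET.fromstring(xml_text)
    problems = []
    if root.tag != f"{{{MD}}}EntityDescriptor":
        problems.append("root element is not md:EntityDescriptor")
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        problems.append("no SPSSODescriptor: this is not SP metadata")
        return {"entity_id": root.get("entityID")}, problems
    # (binding short name, URL) for every endpoint that will receive assertions.
    acs = [(a.get("Binding", "").rsplit(":", 1)[-1], a.get("Location", ""))
           for a in sp.findall("md:AssertionConsumerService", NS)]
    if not acs:
        problems.append("no AssertionConsumerService endpoint")
    for _, loc in acs:
        url = urlparse(loc)
        if url.scheme != "https":
            problems.append(f"ACS is not HTTPS: {loc}")
        if url.hostname != expected_host:
            problems.append(f"ACS host {url.hostname!r} is not {expected_host!r}")
    summary = {"entity_id": root.get("entityID"), "acs": acs,
               "name_id_formats": [n.text.strip() for n in sp.findall("md:NameIDFormat", NS) if n.text],
               "want_assertions_signed": sp.get("WantAssertionsSigned") == "true"}
    return summary, problems

if __name__ == "__main__":
    summary, problems = check_sp_metadata(SAMPLE_SP_XML, "main-tenant.example.com")
    print(summary, problems or "no problems found", sep="\n")
```

To check the real file, read the downloaded sp.xml as text and pass it in together with your Main IDM Tenant's hostname; an empty problems list means the assertion endpoints are HTTPS and on the expected host.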

