SAML Settings

This article gives general instructions for creating a Single Sign-on (SSO) endpoint that uses SAML. We have more specific instructions for the following services:

If you are using host mapping with a site and would like to use SSO with that site, please do the following:

  1. Set up your SSO endpoint for the site. The site should have host mapping set up.
  2. Email us with the URL of the site and we will finish setting things up for you.

1. Create Single Sign-on endpoint

Refer to the article "How do I use Remote Authentication to access my sites or admin area?" to set up an SSO endpoint. When setting up the SSO endpoint, select SAML as the mode.

2. Finish configuring the endpoint

  1. X.509 certificate - You need to get this certificate file from your SAML provider and upload it to ScreenSteps. It must be in PEM format.
  2. SAML Consumer URL - Use this URL with your SSO provider.
  3. SAML Test URL - Use this URL to test that your SAML settings work (after you save them and configure your identity provider).
  4. Once you have entered all of your settings, select Update.

3. Metadata for your identity provider

If your identity provider needs you to enter metadata for ScreenSteps, use the SAML Consumer URL shown above.

For the Entity ID use the Entity ID assigned to your ScreenSteps SSO endpoint.

Here is the XML Metadata for ScreenSteps. Be sure to replace the two instances of {{}} with your Entity ID and your SAML Consumer URL:

<?xml version="1.0" encoding="UTF-8"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="{{replace with your ScreenSteps Entity ID}}">
   <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol" AuthnRequestsSigned="false" WantAssertionsSigned="false">
      <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="{{replace with your ScreenSteps SAML Consumer URL}}" isDefault="true" index="0" />
   </md:SPSSODescriptor>
</md:EntityDescriptor>
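
Added example (not ScreenSteps code): a Python script that fills in the two template values, escapes them for XML, and parses the result back, so a half-edited or malformed file is caught before you give it to your identity provider. The function names, the sample values and the https-only check are assumptions of this example.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit
from xml.sax.saxutils import quoteattr

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

def build_sp_metadata(entity_id, consumer_url):
    """Fill the metadata template; reject values that are clearly unusable."""
    for label, value in (("Entity ID", entity_id), ("SAML Consumer URL", consumer_url)):
        if not value.strip() or "{{" in value or "}}" in value:
            raise ValueError(f"{label} is empty or still a template placeholder")
    url = urlsplit(consumer_url)
    # Assumption of this example: the consumer URL is an absolute https URL.
    if url.scheme != "https" or not url.netloc:
        raise ValueError("SAML Consumer URL must be an absolute https:// URL")
    # quoteattr() adds the quotes and escapes &, < and >, so a URL with a
    # query string does not break the XML.
    return (
        '<?xml version="1.0" encoding="UTF-8"?>\n'
        f'<md:EntityDescriptor xmlns:md="{MD}" entityID={quoteattr(entity_id)}>\n'
        '   <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"'
        ' AuthnRequestsSigned="false" WantAssertionsSigned="false">\n'
        f'      <md:AssertionConsumerService Binding="{HTTP_POST}"'
        f' Location={quoteattr(consumer_url)} isDefault="true" index="0" />\n'
        '   </md:SPSSODescriptor>\n'
        '</md:EntityDescriptor>\n'
    )

def read_sp_metadata(xml_text):
    """Parse metadata and return (entityID, HTTP-POST consumer URL)."""
    # ET.fromstring raises ParseError if the document is not well-formed.
    root = ET.fromstring(xml_text.encode("utf-8"))
    if root.tag != f"{{{MD}}}EntityDescriptor":
        raise ValueError("root element is not md:EntityDescriptor")
    acs = root.find(f"{{{MD}}}SPSSODescriptor/{{{MD}}}AssertionConsumerService")
    if acs is None or acs.get("Binding") != HTTP_POST:
        raise ValueError("no HTTP-POST AssertionConsumerService found")
    return root.get("entityID"), acs.get("Location")

if __name__ == "__main__":
    # Constructed sample values, not real ScreenSteps identifiers.
    sample = build_sp_metadata("example-entity-id",
                               "https://sso.example.com/consume?site=1&mode=saml")
    print(sample)
    print(read_sp_metadata(sample))
```

Compare the two values returned by `read_sp_metadata` with the Entity ID and SAML Consumer URL shown on your endpoint; they must match exactly.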

4. Activate endpoint

Once you have finished testing your endpoint, click the Activate checkbox.

