Authentication Service - Properties tab (SAML2) - Security Center 5.12

Security Center Administrator Guide 5.12

Product
Security Center
Content type
Guides > Administrator guides
Version
5.12
Language
English
Last updated
2024-09-13

You can configure an Authentication Service using the SAML2 protocol from the Roles view of System task in Security Center Config Tool.

On the Properties page, you can configure a SAML2 identity provider for third-party authentication.

Protocol
Sets the authentication protocol to use with this identity provider. Changing the protocol migrates the Authentication Service configuration between OpenID and SAML2.
CAUTION:
Depending on the original configuration, migrating an Authentication Service role to another protocol might leave errors in the new configuration. After migrating, ensure that the new configuration is complete and accurate before using it.
Display name
Identifies this provider on the client logon screen. Each provider is presented as a button with the text "Sign in with <display name>".
Metadata URL
Secure URL (https) pointing to the provider's SAML2 metadata document. This file contains all necessary information to interact with the third-party identity provider, including endpoint locations and capabilities.
Client ID
The client ID (also known as audience) is a unique identifier for Security Center that is issued by the identity provider when the application is registered.
Default provider
This option is turned off by default. Turn it on to use this identity provider for user authentication from all domains. If you have multiple Authentication Service roles, only one role can be set as the default provider, and this option is disabled for all other roles.
Domain names
Only shown when Default provider is turned off. A list of domain names associated with users who can connect to Security Center using this identity provider. Usernames that include one of these domains will automatically be redirected to the provider's logon screen.
Use artifact resolution
This option is turned off by default. Turn it on to use the Artifact Resolution Protocol if it is supported by your identity provider. Artifact resolution provides a more secure form of authentication.
Username assertion
SAML2 assertion used by the identity provider to return the username of the authenticated party. Security Center requires a username to authorize access to the client.
Group assertion
SAML2 assertion used by the identity provider to return the group memberships of the authenticated party. Security Center requires group membership to authorize access to the client.
Issuer
EntityId URI for the identity provider.
User groups
Add or remove Security Center user groups that are associated with this identity provider. If your identity provider can export a list of groups in CSV format, that list can be imported here. Groups missing from this list are not associated with the identity provider and will not be used to authorize incoming users.