Authentication Service - Properties tab (SAML2) - Security Center 5.9

Security Center Administrator Guide 5.9

Applies to
Security Center 5.9
Last updated
2022-10-25
Content type
Guides > Administrator guides
Language
English
Product
Security Center
Version
5.9

You can configure an Authentication Service using the SAML2 protocol from the Roles view of System task in Security Center Config Tool.

In the Properties tab, you can configure a SAML2 identity provider for third-party authentication.

Protocol
Sets the authentication protocol to use with this identity provider. Changing the protocol migrates the Authentication Service configuration between OpenID and SAML2.
CAUTION:
Depending on the original configuration, migrating an Authentication Service role to another protocol might leave errors in the new configuration. After migrating, ensure that the new configuration is complete and accurate before using it.
Display name
Identifies this provider on the client logon screen. Each provider is presented as a button with the text "Sign in with <display name>".
Issuer
EntityId URI for the identity provider.
Metadata URL
Secure URL (https) pointing to the provider's SAML2 metadata document. This file contains all necessary information to interact with the third-party identity provider, including endpoint locations and capabilities.
Client ID
The client ID (also known as audience) is a unique identifier for Security Center that is issued by the identity provider when the application is registered.
Domain names
A list of domain names associated with users who will connect to Security Center using this identity provider. Usernames that include one of these domains will automatically be redirected to the provider's logon screen.
Use artifact resolution
This switch is turned off by default. Turn it on to use the Artifact Resolution Protocol if it is supported by your identity provider. Artifact resolution provides a more secure form of authentication.
Username assertion
SAML2 assertion used by the identity provider to return the username of the authenticated party. Security Center requires a username to authorize access to the client.
Group assertion
SAML2 assertion used by the identity provider to return the group memberships of the authenticated party. Security Center requires group membership to authorize access to the client.
User groups
Add or remove Security Center user groups that are associated with this identity provider. If your identity provider can export a list of groups in CSV format, that list can be imported here. Groups missing from this list are not associated with the identity provider and will not be used to authorize incoming users.