We are glad to introduce support for SAML, an open industry standard used by many identity providers. This new feature improves security in Appranix’s user authentication and simplifies user management. For each account, Appranix accepts SAML assertions only from the Identity Provider configured for that account.
Appranix supports SAML authentication with various Identity Providers (IdPs). Users can log in to the Appranix application by using their account URL and the login credentials provided by their IdP.
The following diagram illustrates the flow for SAML-enabled single sign-on with Appranix.
The diagram illustrates the following steps:
- The user accesses the Appranix application.
- Appranix returns a redirect URL with the SAML Request.
- The user submits the SAML request obtained from Appranix to the Identity Provider.
- The Identity Provider validates the user and the SAML request. After validation, the IdP generates a SAML response for Appranix and sends it to the user.
- The user submits the SAML response to Appranix.
- Appranix validates the SAML response and authorizes the user in Appranix.
Steps to configure SAML authentication in Appranix:
SAML authentication in Appranix is configured by the account admin. To enable this feature, the account admin needs to follow the steps below.
- Go to Appranix IAM service -> Single Sign-On (SSO) -> Enable Single Sign-On (SSO).
- Register the Appranix application as a Service Provider (SP) in the IdP. Appranix provides the Entity ID, the Assertion Consumer Service (ACS) URL, and the encryption certificate.
- Add an attribute statement with the name ‘email’ while configuring the Service Provider (SP) in the Identity Provider (IdP).
The SAML metadata is generated once Appranix is registered in the IdP. The IdP metadata is then entered into Appranix, after which Appranix enables SAML authentication for that particular account. The account users can now log in using their IdP login credentials.
In Appranix, each account has a unique URL for accessing the Appranix application. When a user accesses that URL, Appranix redirects to the IdP if SAML authentication is enabled for that specific account. After the user logs in to the IdP successfully, the user is redirected back to Appranix along with the SAML response.
Appranix validates the SAML response and then allows that user into the application.
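As an added illustration (not Appranix's code), here are the checks a service provider typically applies to a SAML response in this final step, once a SAML library has verified the XML signature and decrypted any encrypted assertion: issuer, destination, validity window, audience, and the ‘email’ attribute. The entity IDs, ACS URL, function names and sample message are constructed placeholders.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
CFG = {"idp_entity_id": "https://idp.example.com/metadata",  # hypothetical placeholders,
       "sp_entity_id": "https://sp.example.com/saml", "acs_url": "https://sp.example.com/saml/acs"}

def _ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def _require(ok, reason):
    if not ok:
        raise ValueError(reason)

def check_response(xml_bytes, cfg, now):
    """Return the asserted email or raise ValueError (signature verified beforehand)."""
    _require(b"<!DOCTYPE" not in xml_bytes, "DTD not allowed in a SAML message")
    root = ET.fromstring(xml_bytes)
    status = root.find("p:Status/p:StatusCode", NS)
    _require(status is not None and status.get("Value") == SUCCESS, "IdP reported failure")
    _require(root.get("Destination") == cfg["acs_url"], "wrong Destination")
    assertions = root.findall("a:Assertion", NS)  # direct children only
    _require(len(assertions) == 1, "expected exactly one assertion")
    a = assertions[0]  # its issuer must be the IdP configured for this account
    _require(a.findtext("a:Issuer", "", NS).strip() == cfg["idp_entity_id"], "unexpected Issuer")
    cond = a.find("a:Conditions", NS)
    try:  # a missing or unparsable validity window fails closed
        in_window = _ts(cond.get("NotBefore")) <= now < _ts(cond.get("NotOnOrAfter"))
    except (AttributeError, TypeError, ValueError):
        in_window = False
    _require(in_window, "assertion outside its validity window")
    audiences = [e.text for e in cond.findall("a:AudienceRestriction/a:Audience", NS)]
    _require(cfg["sp_entity_id"] in audiences, "assertion not issued for this SP")
    emails = [v.text.strip() for v in a.findall(
        "a:AttributeStatement/a:Attribute[@Name='email']/a:AttributeValue", NS) if v.text]
    _require(len(emails) == 1 and emails[0] != "", "missing or ambiguous 'email' attribute")
    return emails[0]

def sample_response(issuer):  # constructed, unsigned test message
    xml = ('<p:Response xmlns:p="%s" xmlns:a="%s" Destination="%s"><p:Status>'
           '<p:StatusCode Value="%s"/></p:Status><a:Assertion><a:Issuer>%s</a:Issuer><a:Conditions'
           ' NotBefore="2024-01-01T10:00:00Z" NotOnOrAfter="2024-01-01T10:05:00Z">'
           '<a:AudienceRestriction><a:Audience>%s</a:Audience></a:AudienceRestriction></a:Conditions>'
           '<a:AttributeStatement><a:Attribute Name="email"><a:AttributeValue>alice@example.com'
           '</a:AttributeValue></a:Attribute></a:AttributeStatement></a:Assertion></p:Response>')
    args = (NS["p"], NS["a"], CFG["acs_url"], SUCCESS, issuer, CFG["sp_entity_id"])
    return (xml % args).encode()
```

Every check raises rather than returning a default, so a response that is missing a field is rejected instead of being treated as valid.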