Configuring SAML in AssetExplorer
Role Required: SDAdmin
Go to Admin > Organizational Details > SAML Single Sign-On.
In the configurations tab, you will find two sections: Service Provider Details and Configure Identity Provider Details.
Service Provider Details
Under the Service Provider Details section, you will find the following:
Field Name | Explanation |
Entity ID | Use these details to configure AssetExplorer as a service provider in your IdP. |
Assertion Consumer URL | |
Single Logout Service URL | |
SP Certificate | Click the file to download it. Upload this file in the IdP portal. |
SP Metadata file | In some IdPs, uploading the metadata file is enough to configure AssetExplorer as a service provider. |
Changing the alias URL and the service from http to https will be reflected in the Assertion Consumer URL and Single Logout Service URL. You will have to reconfigure SAML authentication in both SP and IdP portals by regenerating the SP certificate.
First, you must configure AssetExplorer as a Service Provider with your Identity Provider.
We have tested SAML 2.0 with ADFS 3.0, Okta, and OneLogin, Azure, and G Suite as the Identity Providers. Click the respective IdPs for configuration information.
After configuring AssetExplorer as a service provider in your IdP domain, return to the SAML configuration page in AssetExplorer.
Configure Identity Provider Details
Under the Configure Identity Provider Details section,
- Enter the Login URL and Logout URL of the IdP.
- Select the Name ID Format based on your login preference.
- To log in using your username, select Transient or Persistent. Ensure that the format selected matches the configuration in your Identity Provider.
- If you wish to log in using your email address, select Email Address.
- If you wish to log in using the User Principal Name (UPN) configured in your Active Directory account, select Unspecified.
- Select the Algorithm from the drop-down. This algorithm should be the same as that configured in the IdP.
- Upload the IdP certificate by clicking the Choose File button.
- Click Save. The details of the certificate will be displayed to the right.
- Enable SAML authentication using the toggle button available on the top of the page.
The History tab lists all the activities carried out on the configuration page. You can view the activities related to a particular attribute using predefined filters as shown below.
Related Articles
SAML Working
Role Required: SDAdmin Security Assertion Markup Language (SAML) is an easier alternative to conventional sign-in methods already available for online services. Users no longer have to provide passwords specific to each service they access. ...SAML Troubleshooting
Role Required: SDAdmin Error Code Reason Solution 4 The IdP certificate file is not uploaded right. Reconfigure IdP details. 8 SAML response is not received from IdP. AssetExplorer supports only POST binding method. Ensure that the IdP follows POST ...Configuring G Suite as the Identity Provider
Role Required: SDAdmin Log in to Google Workspace. Go to Apps > Web and mobile apps. Click Add app > Add custom SAML app. Provide the App name and Description. Upload the App icon and click Continue. On the displayed page, download the certificate ...Configuring ADFS 3.0 as the Identity Provider
Role Required: SDAdmin Before you start the configuration process, make sure that the AssetExplorer application is running in the HTTPS mode. Then, configure AssetExplorer as a Relying Party Trust (RPT). This can be done either manually or using the ...Configuring Database
In GUI Setups AssetExplorer is bundled with PostgreSQL database. You can also configure the application to set up MSSQL database. Configure PostgresSQL database Go to <AssetExplorer_Home>\bin directory in the command prompt and execute the ...