
SAML Application

A SAML Application is an application that supports SAML as an alternative authentication option. A SAML application is defined by the following attributes:

  • Service Provider name - Friendly name of the application.

  • Service Provider Friendly Name - Service provider friendly display name.

  • RedirectURL - URL of the application after SAML authentication is completed.

  • Metadata upload Type:

    • File: The application metadata file is read only once, during setup. When the metadata expires, it must be uploaded again manually.

    • URL: The application metadata is referenced by a URL where the metadata is available online. This URL is checked regularly for changes to the metadata file.

  • Attributes: one or more attributes delivered in the SAML response. The default attributes are: mail, sAMAccountName and userPrincipalName.

  • NameID attribute - an attribute from the list of allowed attributes defined in the previous setting.

  • SAML Version used in authentication:

    • SAML1

    • SAML2

  • Authentication flow:

    • Veridium Journey - Veridium authentication flow

    • SPINEGO, Veridium Journey - Kerberos authentication, implemented by SPINEGO, is attempted first; if it fails, then the Veridium Journey is executed. This option is beneficial for domain-joined computers/users: when a user authenticates internally, Kerberos authentication takes place and the user is authenticated automatically by Kerberos. When a user connects externally, the Veridium Journey is executed.

  • NameID format. Allowed options:

    • Email - email address is used as NameID

    • Transient - An identifier that is generated with a new value for each authentication. 

    • Persistent - An identifier that is computed and stored once for each user/SP combination. The same value will be released each time a user authenticates from the same SP but different values will be released if the user also authenticates from other SPs.

  • Encrypt assertions - Toggle SAML response encryption (default: not encrypted)

  • Allow NameID in Request - Toggle to allow the service name ID in the request to the IDP (default: Allow)

  • Hide SSP - Toggle to hide the enrollment link in IDP Veridium authentication (default: Not hidden)
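
Because metadata uploaded as a File is read only once and must be re-uploaded when it expires, it is worth checking a service provider's metadata before upload. The following is an added example, not Veridium code: it reads the standard SAML 2.0 metadata elements (`validUntil`, `KeyDescriptor`, `NameIDFormat`, `AssertionConsumerService`) from a constructed sample, and the function name, sample values and 30-day threshold are assumptions.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}

# Constructed sample: entityID, URLs and date are placeholders, key material omitted.
SAMPLE = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.example.test/saml" validUntil="2030-01-15T00:00:00Z">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"/>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:AssertionConsumerService index="0" Location="https://sp.example.test/saml/acs"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

def review_sp_metadata(xml_text, now, warn_days=30):
    """Summarise what to check in SP metadata before uploading it as a file."""
    root = ET.fromstring(xml_text)  # assumes a single EntityDescriptor root
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        raise ValueError("no SPSSODescriptor: not service provider metadata")
    warnings = []
    days_left = None
    valid_until = root.get("validUntil")
    if valid_until is None:
        warnings.append("no validUntil: expiry must be tracked some other way")
    else:
        expiry = datetime.fromisoformat(valid_until.replace("Z", "+00:00"))
        if expiry.tzinfo is None:  # SAML timestamps are UTC
            expiry = expiry.replace(tzinfo=timezone.utc)
        days_left = (expiry - now).days
        if expiry <= now:
            warnings.append("metadata has expired")
        elif days_left < warn_days:
            warnings.append(f"metadata expires in {days_left} days")
    # A KeyDescriptor with no 'use' attribute serves both signing and encryption.
    can_encrypt = any(k.get("use") in (None, "encryption")
                      for k in sp.findall("md:KeyDescriptor", NS))
    if not can_encrypt:
        warnings.append("no encryption key published for assertion encryption")
    for acs in sp.findall("md:AssertionConsumerService", NS):
        if not acs.get("Location", "").startswith("https://"):
            warnings.append(f"ACS endpoint is not HTTPS: {acs.get('Location')}")
    formats = [(f.text or "").strip() for f in sp.findall("md:NameIDFormat", NS)]
    return {"entity_id": root.get("entityID"), "days_left": days_left,
            "can_encrypt": can_encrypt, "nameid_formats": formats,
            "warnings": warnings}

if __name__ == "__main__":
    print(review_sp_metadata(SAMPLE, datetime.now(timezone.utc)))
```

For metadata obtained from a source you do not control, parse it with a hardened XML parser such as `defusedxml` instead of the standard library parser.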
