SAML IdP

The SAML IdP screen enables you to view, add, and update the IdP settings for site logins.

SAML IdP list

Accessing the screen

In the left sidebar menu, under "SETTINGS", click [External system integration] -> [SAML IdP].

Item descriptions

| Item | Description |
| --- | --- |
| Enable | Status of the IdP, shown as an icon: Enabled or Disabled. |
| Login SAML IdP name | Name of the IdP. |
| Entity ID | SAML entity ID. |
| Valid until | Expiration date and time of the IdP. |
| Updated on | Date and time of last update to the IdP. |

SAML IdP editor

Accessing the screen

In the left sidebar menu, under "SETTINGS", click [External system integration] -> [SAML IdP].

On the SAML IdP list screen, click the name of the IdP you want to edit.

Item descriptions

SAML IdP editor

| Item | Description |
| --- | --- |
| Login SAML IdP name | Name of the IdP. To enable the IdP, check the "Enable" box and specify the required SP metadata below. |
| Login SAML IdP URI | URL that accepts authentication requests from the service provider. This is displayed as IdP metadata and can be manually configured on the SP side as an IdP URL. |
| Entity ID | SAML entity ID. |
| Encryption algorithm | Algorithm to encrypt the login data. |
| Valid until | Expiration date and time of the IdP. |
| Name ID format | Format of the name ID. |
| Certificates | Certificate file and key used for data encryption. Click [Regenerate certificates] to generate them automatically. |
| SP metadata file | XML metadata file of the service provider. When creating a new IdP, you can omit this field by disabling the IdP. (Note: Instead of uploading a file, you can also click [Don't have config file? Please click here.] to manually enter the following data in text format: ACS URI, the Assertion Consumer Service URL; SP entity ID, the entity ID given by the service provider.) |
| Attribute mapping | You may map a user field as a SAML attribute to distinguish between users. At least one identifier is required for SAML authentication. |
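
The two values requested by the manual-entry option (SP entity ID and ACS URI) can be read from the service provider's metadata XML. The sketch below is an added example, not Kuroco code: the sample metadata and the sp.example.com host are constructed, and `read_sp_metadata` is a hypothetical helper name.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"

# Constructed sample SP metadata; sp.example.com is a placeholder host.
SAMPLE_SP_METADATA = """<md:EntityDescriptor
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.example.com/saml/metadata">
  <md:SPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="1"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
        Location="https://sp.example.com/saml/artifact"/>
    <md:AssertionConsumerService index="0" isDefault="true"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.com/saml/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def read_sp_metadata(xml_text):
    """Return (sp_entity_id, acs_uri, warnings) for manual entry."""
    # SAML metadata never needs a DTD; refuse it rather than expand entities.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD or entity declaration in metadata")
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{MD}}}EntityDescriptor":
        raise ValueError("root element is not md:EntityDescriptor")
    entity_id = root.get("entityID")
    endpoints = root.findall(
        f"{{{MD}}}SPSSODescriptor/{{{MD}}}AssertionConsumerService")
    if not entity_id or not endpoints:
        raise ValueError("missing entityID or AssertionConsumerService")

    # Prefer the endpoint flagged isDefault, then the lowest index.
    def rank(endpoint):
        default = endpoint.get("isDefault", "false") in ("true", "1")
        return (not default, int(endpoint.get("index", "0")))

    acs_uri = min(endpoints, key=rank).get("Location", "")
    warnings = []
    if not acs_uri.startswith("https://"):
        warnings.append("ACS URI is not HTTPS")
    return entity_id, acs_uri, warnings


if __name__ == "__main__":
    print(read_sp_metadata(SAMPLE_SP_METADATA))
```

Compare the returned values with what the service provider's administrator gave you before saving them, since the ACS URI is where the IdP sends the signed login response.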

Advanced settings

| Item | Description |
| --- | --- |
| Login URL | Login page URL. Leaving this field blank will redirect the user to the admin panel login URL (i.e., https://(site key).g.kuroco-mng.app/management/login/login/). |
| Allow IdP initiated flow | Check this box to enable IdP initiated flow. |
| Default relay state | Default relay state to be sent when IdP initiated flow is enabled. |

Actions

| Button | Description |
| --- | --- |
| Update | Apply all changes made on this screen. |
| Download metadata | Download the current IdP metadata in SAML 2.0-compliant XML format. |
| Delete | Delete the current IdP. |