Configure EAA as the IdP for a custom SaaS application
Complete the following procedure to configure Enterprise Application Access (EAA) as the identity provider (IdP) for a SaaS application. See Add an application to EAA and Applications for more information.
How to
- Add an application to EAA.
  - Log in to the EAA Management Portal.
  - From the top menu bar, click Applications > Add Application. The Add Applications window appears.
  - Select a predefined SaaS application profile or add a custom SaaS application.
  - Enter an application name and an optional description.
  - In the Protocol menu, select SAML 2.0.
- Click Create App and Configure. The application General settings tab opens.
- If configured under identity provider (IdP), select an application icon and category.
- In the Application URL field, enter the URL of the application. The application URL is the path that users navigate to in their browser to access the application. For example, www.salesforce.com.
- Select an IdP Signing Certificate that will sign the SAML request. By default, EAA generates a self-signed certificate. Alternatively, you can upload your own certificate.
- Complete the remaining fields. For more information, see Configure access parameters for an application.
- Click Save & go to Authentication. The application Authentication settings tab opens.
- Select an identity provider (IdP) and associate a directory source such as Active Directory (AD) or Lightweight Directory Access Protocol (LDAP).
- Click Save & go to SAML settings. The application SAML settings tab opens.
- The IdP Info fields are prepopulated and non-editable. You can upload or use the metadata information to configure the SAML service provider (SP). To view the IdP metadata, click View. To download the IdP metadata file, click Download.
  Note: For the SAML response, EAA supports only the POST SAML binding. For the SAML request, EAA supports both the POST and Redirect SAML bindings.
- Complete the remaining SAML service provider (SP) fields.
- As required by the application, configure user attribute declarations that will be passed as SAML attributes. User attribute declarations are needed if the application requires specific attributes in addition to the default AD attributes. You may need to declare the attributes before mapping them to AD attributes. See Create user attributes in EAA.
- After the user attributes are created, they appear as new fields in the User Attributes section of the Active Directory (AD). See Map user attributes of the directory.
- When finished, return to the application SAML settings tab to deploy the application. Click Save & go to Deployment.