Configure EAA as the IdP for a custom SaaS application

Complete the following procedure to configure Enterprise Application Access (EAA) as the identity provider (IdP) for a SaaS application. See Add an application to EAA and Applications for more information.

How to

  1. Add an application to EAA.
    1. Log in to the EAA Management Portal.
    2. From the top menu bar, click Applications > Add Application.
    The Add Applications window appears.
  2. Select a predefined SaaS application profile or add a custom SaaS application.
  3. Enter an application name and an optional description.
  4. In the Protocol menu, select SAML 2.0.
  5. Click Create App and Configure.
    The application General settings tab opens.
  6. If configured under identity provider (IdP), select an application icon and category.
  7. In the Application URL field, enter the URL of the application. The application URL is the path that users navigate to in their browser to access the application. For example, www.salesforce.com.
  8. Select an IdP Signing Certificate that will sign the SAML request. By default, EAA generates a self-signed certificate. Alternatively, you can upload your own certificate.
  9. Complete the remaining fields. For more information, see Configure access parameters for an application.
  10. Click Save & go to Authentication.
    The application Authentication settings tab opens.
  11. Select an identity provider (IdP) and associate a directory source such as Active Directory (AD) or Lightweight Directory Access Protocol (LDAP).
  12. Click Save & go to SAML settings.
    The application SAML settings tab opens.
  13. The IdP Info fields are prepopulated and non-editable. You can upload or use the metadata information to configure the SAML service provider (SP). To view the IdP metadata, click View. To download the IdP metadata file, click Download.
    Note: For SAML responses, EAA supports only the POST SAML binding. For SAML requests, EAA supports both the POST and Redirect SAML bindings.
  14. Complete the remaining SAML service provider (SP) fields.

  15. As required by the application, configure user attribute declarations that will be passed as SAML attributes. User attribute declarations are needed if the application requires specific attributes in addition to the default AD attributes. You may need to declare the attributes before mapping them to AD attributes. See Create user attributes in EAA.
  16. After the user attributes are created, they appear as new fields in the User Attributes section of the Active Directory (AD). See Map user attributes of the directory.
  17. When finished, return to the application SAML settings tab to deploy the application. Click Save & go to Deployment.

Next steps

Deploy the application.