This SAML authentication method requires you to manually create user accounts on your tenant. The user attributes are maintained manually on the VidyoPortal by the Tenant Admin. Only the username and password are verified externally against your SAML server before your VidyoDesktop user is logged in to the system.
To configure SAML authentication with manual user creation:
- Log in to the Admin portal using your Admin account.
For more information, see Logging in to the Admin interface.
The Users page displays by default.
- Click the Settings tab.
The License page displays by default.
- Click Authentication on the left menu.
The Authentication page displays.
- Select SAML from the Authentication Type drop-down.
- Enter the following information:
  - Enter your IdP Metadata XML in the Identity Provider (IdP) Metadata XML field.
    Your SAML administrator should be able to provide you with the IdP Metadata.
  - The Entity ID field includes your tenant's FQDN by default. You may overwrite this default value if necessary.
    Note: If your system includes multiple tenants configured to use SAML authentication, this field must contain a unique entity ID for each tenant.
  - Select MetaIOP or PKIX validation from the Security Profile options.
    PKIX is the most common profile used.
  - Select MetaIOP or PKIX validation from the SSL/TLS Profile options.
    Select PKIX if you're not certain which profile to choose.
  - Select Yes or No from the Sign Metadata options.
  - Select Local from the SAML provisioning type drop-down.
  - Enter the IdP attribute used to map user names in the IdP Attribute For User Name field.
    Note: This should be provided to you by your IdP administrator.
    The value of this attribute must exactly match the user name ID used by your VidyoPortal.
- Click View Service Provider (SP) Metadata XML to view your service provider metadata XML for your SAML-enabled tenant.
Note: You must provide this metadata XML to your IdP administrator to complete the SAML configuration on your tenant.
- Create user accounts manually on your tenant.
User accounts can be added at any time.
For more information, see Adding new users or Importing users.
Note: When you create a new user with SAML authentication enabled, the user name must match the IdP attribute value for user name on your SAML server. When creating new users, passwords are mandatory; however, when you enable SAML, the password in the local database is not used to authenticate the user. When SAML authentication is enabled, the User Portal does not provide Change or Forgot Password options. Only Normal or Executive user types are authenticated by SAML.
- Click Save.
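The following is an added example, not Vidyo's code, that models the checks behind the procedure above: it reads the fields a tenant admin should confirm in the IdP metadata before pasting it into the Identity Provider (IdP) Metadata XML field, verifies that Entity IDs are unique across SAML-enabled tenants, and applies the Local provisioning rule that the configured IdP attribute value must exactly match a manually created user name and that only Normal or Executive user types are authenticated by SAML. The IdP metadata, hostnames, attribute name and user table are all constructed for the example; nothing here calls a VidyoPortal API.

```python
"""Added example (not Vidyo's code): pre-save checks on IdP metadata and a
model of the Local SAML provisioning rule. All XML, hosts and users are
constructed for illustration."""

import xml.etree.ElementTree as ET

# SAML 2.0 metadata and XML Signature namespaces (standard OASIS/W3C URIs).
NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed IdP metadata, the kind of document the IdP administrator hands over.
IDP_METADATA_XML = """
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://idp.example.test/saml">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>MIIB...constructed-placeholder...</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.test/saml/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""


def summarize_idp_metadata(xml_text):
    """Return what an admin should eyeball before clicking Save: the IdP
    entityID, its SSO endpoints per binding, and whether a signing
    certificate is present (without it, assertions cannot be verified)."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}EntityDescriptor" % NS["md"]:
        raise ValueError("not a SAML EntityDescriptor")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        # SP metadata also uses EntityDescriptor; catch the common mix-up.
        raise ValueError("no IDPSSODescriptor: this looks like SP metadata, not IdP metadata")
    sso = {s.get("Binding"): s.get("Location")
           for s in idp.findall("md:SingleSignOnService", NS)}
    has_signing_cert = any(
        k.get("use") in (None, "signing")
        and k.find(".//ds:X509Certificate", NS) is not None
        for k in idp.findall("md:KeyDescriptor", NS))
    return {"entity_id": root.get("entityID"), "sso": sso,
            "has_signing_cert": has_signing_cert}


def check_tenant_entity_ids(tenants):
    """Each SAML-enabled tenant needs its own Entity ID. Takes a mapping of
    tenant name -> Entity ID and returns the IDs used more than once."""
    owners, dupes = {}, []
    for tenant, entity_id in tenants.items():
        if entity_id in owners and entity_id not in dupes:
            dupes.append(entity_id)
        owners.setdefault(entity_id, tenant)
    return dupes


# Constructed local user table as maintained manually by the Tenant Admin.
# The local password is stored but is not used for SAML logins.
LOCAL_USERS = {
    "alice": {"type": "Normal"},
    "bob": {"type": "Executive"},
    "carol": {"type": "Admin"},
}

SAML_USER_TYPES = {"Normal", "Executive"}


def resolve_local_user(assertion_attributes, attr_name, users=LOCAL_USERS):
    """Model of Local provisioning: the configured IdP attribute must carry
    exactly one value that matches an existing local user name character for
    character (no case folding or trimming), and that user must be a Normal
    or Executive account. Returns (username, reason); username is None on
    refusal."""
    values = assertion_attributes.get(attr_name)
    if not values:
        return None, "attribute %r missing from assertion" % attr_name
    if len(values) != 1:
        return None, "attribute %r is multi-valued; mapping would be ambiguous" % attr_name
    name = values[0]
    user = users.get(name)  # exact match only
    if user is None:
        return None, "no local user named %r; create it on the tenant first" % name
    if user["type"] not in SAML_USER_TYPES:
        return None, "user type %s is not authenticated by SAML" % user["type"]
    return name, "ok"


if __name__ == "__main__":
    print(summarize_idp_metadata(IDP_METADATA_XML))
    print(check_tenant_entity_ids({"t1": "https://a.example.test",
                                   "t2": "https://a.example.test"}))
    print(resolve_local_user({"uid": ["alice"]}, "uid"))
    print(resolve_local_user({"uid": ["Alice"]}, "uid"))
```

The exact-match rule in `resolve_local_user` is deliberate: the page states that the attribute value must match the VidyoPortal user name exactly, so an assertion carrying `Alice` for a local user `alice` is refused rather than normalised, and a user of type Admin is refused even though the name matches.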