Security Assertion Markup Language (SAML) Single Sign On (SSO)
Configure SSO based on the SAML 2.0 protocol.
SAML 2.0
SAML 2.0 is a single sign-on (SSO) and federation protocol suite that enables your organization to synchronize identity with web applications. Once you have configured SSO for your organization, your users can log in to Reltio without entering passwords.
Identity Provider
- Provides SAML attributes identifying the user attempting to interact with the Service Provider (SP)
- Asserts to the SP that the user identified by those attributes is authorized by the provider to access the service
- Optionally provides additional attributes for the user, such as group membership information, that the SP may use for provisioning the user in the system
Service Provider
A Service Provider (SP) is a web application, such as the Reltio platform, that consumes information from your Identity Provider (IdP) to provision users and determine their access privileges.
Trust Relationship
Before an IdP and an SP can exchange SAML messages, an administrator must configure each to trust the other.
Web Browser SSO
- SP-initiated login when the user visits the SP first
- IdP-initiated login when the user visits the IdP first
SP-Initiated Login
If a user arrives at a Reltio platform tenant URL without logging in, the user is forwarded to the configured IdP to obtain a SAML assertion. Once the IdP has authenticated the user, the user is redirected back to Reltio with the assertion, which is used to log the user in to the Reltio platform.
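The redirect step of SP-initiated login, as an added example (not Reltio's code): it builds a minimal SAML 2.0 AuthnRequest, encodes it for the HTTP-Redirect binding, and decodes it as an IdP would. The URLs and entity ID are placeholders, and the use of the HTTP-Redirect binding is an assumption.

```python
import base64, secrets, urllib.parse, zlib
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"

# Placeholder endpoints (assumptions, not real Reltio or IdP URLs).
IDP_SSO_URL = "https://idp.example.com/sso"
SP_ENTITY_ID = "https://sp.example.com/metadata"
SP_ACS_URL = "https://sp.example.com/acs"

def build_authn_request():
    """Return (request_id, xml) for a minimal AuthnRequest."""
    # Unpredictable ID; the SP stores it so that the later Response can be
    # matched to this login attempt through its InResponseTo attribute.
    request_id = "_" + secrets.token_hex(16)
    root = ET.Element(f"{{{SAMLP}}}AuthnRequest", {
        "ID": request_id,
        "Version": "2.0",
        "IssueInstant": datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ"),
        "Destination": IDP_SSO_URL,
        "AssertionConsumerServiceURL": SP_ACS_URL,
    })
    ET.SubElement(root, f"{{{SAML}}}Issuer").text = SP_ENTITY_ID
    return request_id, ET.tostring(root, encoding="unicode")

def redirect_url(xml, relay_state):
    """HTTP-Redirect binding: raw DEFLATE, then base64, then URL-encode."""
    deflater = zlib.compressobj(wbits=-15)  # -15 selects raw DEFLATE
    raw = deflater.compress(xml.encode()) + deflater.flush()
    query = urllib.parse.urlencode({
        "SAMLRequest": base64.b64encode(raw).decode(),
        "RelayState": relay_state,  # opaque value echoed back by the IdP
    })
    return f"{IDP_SSO_URL}?{query}"

def decode_redirect(url):
    """Reverse the encoding, as the receiving IdP does, and parse the XML."""
    params = urllib.parse.parse_qs(urllib.parse.urlparse(url).query)
    xml = zlib.decompress(base64.b64decode(params["SAMLRequest"][0]), wbits=-15)
    # Production code should parse untrusted XML with a hardened parser.
    return ET.fromstring(xml), params["RelayState"][0]

if __name__ == "__main__":
    rid, xml = build_authn_request()
    url = redirect_url(xml, "/constructed/landing/page")
    request, relay = decode_redirect(url)
    print(url[:80] + "...")
    print(request.get("ID") == rid, request.get("Destination"), relay)
```

The same decoding helps when troubleshooting a failed login: the `SAMLRequest` parameter captured from the browser's address bar shows which Issuer and AssertionConsumerServiceURL the SP actually sent, which can be compared with what the IdP was configured to trust.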
IdP-Initiated Login
Another way for an end user to perform SSO is to log in to the IdP and visit an application portal that provides a menu of SSO-accessible applications.