SSO Configuration Based on SAML

Configure Security Assertion Markup Language (SAML) based Single Sign-On (SSO).

To configure SAML-based Single Sign-On for the tenant:

  1. In the SSO Configuration page, click CONFIGURE SAML. The SAML Configuration page can be divided into the following four sections:
    • Default Settings
    • Roles settings
    • Groups settings
    • IdP configuration
  2. In the Email ID SAML attribute field, enter the SAML attribute that must be mapped to the email ID in Reltio.
  3. Enter the Role Settings as described in Table 1: SAML Role Settings.

    Table 1. SAML Role Settings
    Field | Description
    Default Roles | The default roles that each new user will receive on logging into the tenant. Click the arrow to view and select roles. Note: A user who logs into SSO will be assigned the roles selected here. If roles are added or deleted either in Reltio or IdP, the subsequent access attempts will be validated against the new roles, and not the default ones.
    Manage Roles in IdP | Denotes whether roles are to be managed in IdP or in Reltio. Select this checkbox to manage roles in IdP. Clear this checkbox to manage roles in Reltio. Note: If you select this checkbox, roles are copied from IdP and Reltio roles are ignored. If you opt to manage roles in Reltio, the IdP roles will not be copied into Reltio and only Reltio roles will be used.
    Roles SAML attribute | The SAML attribute that will be mapped to the user roles in Reltio. This field is displayed only if you have selected the Manage Roles in IdP checkbox.
    Role regular expression | The regular expression to be used to extract roles from the SAML attribute. Select .csv to specify a comma-separated file or enter the regular expression in the field provided. This field is displayed only if you have selected the Manage Roles in IdP checkbox.
  4. Enter Group Settings as specified in Table 2: SAML Group Settings.

    Table 2. SAML Group Settings
    Field | Description
    Default Groups | The default groups that the user will be part of as soon as they log in to the tenant. Click the arrow to view and select groups.
    Manage Groups in IdP | Denotes whether groups are to be managed in IdP or in Reltio. Select this checkbox to manage groups in IdP. Clear this checkbox to manage groups in Reltio. Note: If you select this checkbox, groups are copied from IdP and Reltio groups are ignored. If you opt to manage groups in Reltio, the IdP groups will not be copied into Reltio and only Reltio groups will be used.
    Group SAML attribute | The SAML attribute that will be mapped to the groups in Reltio. This field is displayed only if you have selected the Manage Groups in IdP checkbox.
    Group regular expression | The regular expression to be used to extract groups from the SAML attribute. Select .csv to specify a comma-separated file or enter the regular expression in the field provided. This field is displayed only if you have selected the Manage Groups in IdP checkbox.

  5. To upload the IdP SAML Metadata file to configure your Identity Provider, drag and drop your file in the place assigned to it or browse for it.
  6. Click CONFIGURE at the top of the page. After the SAML XML file is uploaded, the system validates it for completeness and provides you with the Entity ID and Assertion Consumer Service (ACS) URL.
    Note: You can use this information to configure your IdP. Alternatively, you can also download the SP-METADATA.XML file which also contains this information.

After SAML is configured, you can update the configuration by clicking Update. You can also delete this configuration by clicking Delete Configuration.
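
The Role regular expression and Group regular expression fields decide which names are taken from the IdP attribute, so it is worth trying an expression against a test user's attribute values before saving it. The following Python is an added example, not Reltio code; the attribute names, group DNs, role names, and the matching semantics (search each value, capture group 1 or the whole match is the name) are assumptions.

```python
import re
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample of the attributes an IdP might send for one test user.
# Attribute names, group DNs and role names are made up for this example.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="email">
      <saml:AttributeValue>jane@example.com</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="memberOf">
      <saml:AttributeValue>CN=MDM_ROLE_STEWARD,OU=Apps,DC=example,DC=com</saml:AttributeValue>
      <saml:AttributeValue>CN=HR_ROLE_ADMIN,OU=Apps,DC=example,DC=com</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

def attribute_values(assertion_xml, name):
    """Return every AttributeValue string of the named SAML attribute."""
    root = ET.fromstring(assertion_xml)  # a sample you exported yourself, not live input
    path = f".//saml:Attribute[@Name='{name}']/saml:AttributeValue"
    return [(v.text or "").strip() for v in root.findall(path, NS)]

def extract(values, pattern):
    """Assumed semantics: search each value; capture group 1 (or the whole match) is the name."""
    rx = re.compile(pattern)
    names = set()
    for value in values:
        for m in rx.finditer(value):
            names.add(m.group(1) if rx.groups else m.group(0))
    return sorted(names)

def unexpected(values, pattern, expected):
    """Names the expression yields that the test user is not supposed to receive."""
    return [n for n in extract(values, pattern) if n not in expected]

if __name__ == "__main__":
    groups = attribute_values(SAMPLE_ASSERTION, "memberOf")
    expected = {"STEWARD"}  # what this test user should end up with
    for pattern in (r"ROLE_(\w+)", r"^CN=MDM_ROLE_(\w+),"):
        print(pattern, extract(groups, pattern), "unexpected:", unexpected(groups, pattern, expected))
```

With this sample, the unanchored expression also yields ADMIN from a group that belongs to another application, while the anchored expression yields only STEWARD.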