Single Sign-On with SAML
<p>For Enterprise accounts, CompanyName supports Single Sign-On (SSO) with SAML
2.0. This feature allows enterprise administrators to manage their users
in a secure and easy manner. For example, when an employee is onboarded
to, or leaves, the enterprise, the administrators can enable or disable
their account in a single place for all enterprise services. This
feature also makes life easier for enterprise users, as they can
authenticate once and access all enabled services without managing
separate passwords and accounts.</p>
<p>SAML (Security Assertion Markup Language) is a protocol that defines
how systems can exchange security data. The following references are
useful in understanding SAML:</p>
<ul>
<li><a href="https://en.wikipedia.org/wiki/SAML_2.0">SAML 2.0 - Wikipedia</a></li>
<li><a href="http://saml.xml.org/wiki/saml-introduction">SAML Introduction - XML.org</a></li>
</ul>
<p>The SAML protocol is defined at: <a href="http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-tech-overview-2.0.html">Security Assertion Markup Language
(SAML) V2.0 Technical Overview -
OASIS</a>.</p>
<p>Although SAML is a complex protocol, CompanyName makes it extremely easy to
set up and manage. Here are the detailed steps:</p>
<ol>
<li>In your Account view (<a href="https://www.nirmata.io/webclient/#account">Settings ->
Account</a>) select the
option "Enable Single Sign-On with SAML":</li>
</ol>
<p><img src="/images/SAML-1.png" alt="image"></p>
<ol start="2">
<li>This option provides a dialog where you can upload the SAML metadata
file of your Identity Provider (IdP), for example ADFS 3.0, or manually
configure your IdP settings.</li>
</ol>
<p>SAML IdP Metadata import:</p>
<p><img src="/images/SAML-2.png" alt="image"></p>
<p>SAML IdP manual configuration:</p>
<p><img src="/images/SAML-3.png" alt="image"></p>
<ol start="3">
<li>Next, export your account’s CompanyName SAML Service Provider (SP)
metadata and import that into your IdP. To export the SP Metadata go to
<a href="https://www.nirmata.io/webclient/#identityProvider">Settings - SAML
2.0</a> and click on
the View SP Metadata option. You can then copy the metadata or download
it to a file.</li>
</ol>
<p><img src="/images/SAML-4.png" alt="image"></p>
<p>To complete the setup, you can now import the SAML SP Metadata into your
IdP. If you are using Microsoft AD FS (Active Directory Federation
Services) follow the steps at <a href="/settings/#setup-adfs">Setup AD FS for use with CompanyName</a> to configure ADFS for SSO with CompanyName.</p>
<p>That's it! You now have SAML fully configured!</p>
<p><strong>Note:</strong> By default, self-signed certificates are used to sign and encrypt
the data. In order to use CA signed certificates, see
<a href="/settings/#using-ca-certs">Using CA signed SAML signature certificates</a>.</p>
Updated on 27 Aug 2020