These instructions only apply if you have a standalone installation of Orchestrator. If you are using Orchestrator in Automation Suite, follow the instructions for Automation Suite instead.
Orchestrator can handle single sign-on (SSO) authentication based on SAML 2.0. To enable it, both Orchestrator/Identity Server, acting as the Service Provider, and an Identity Provider must be properly configured so that they can communicate with each other. If SAML is enabled and correctly configured, a button is displayed at the bottom of the Login page. If the external identity provider uses a multi-factor authentication protocol, the user must also comply with the corresponding rules to log in successfully.
To enable SAML authentication, the high-level process is as follows:
- Define a user in Orchestrator and set a valid email address for that user on the Users page.
  This applies if your email address is set as a SAML attribute. You can configure a custom mapping strategy as well.
- Import the signing certificate provided by the Identity Provider to the Windows certificate store using Microsoft Management Console, and set Orchestrator/Identity Server to use it accordingly.
- Add the configuration specific to the identity provider you want to use in the Saml2 settings (Users > Authentication Settings > External Providers), making sure the Enabled checkbox is selected. Follow the instructions for the identity provider you use:
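
For the certificate import step above, a scripted alternative to the Management Console that checks the Identity Provider's signing certificate before trusting it. This is an added example, not code from the original page or from UiPath; the file path, store location, thresholds and the `Get-IdpCertificateProblems` function name are assumptions to adapt to your deployment.

```powershell
# Added example, not from the original page. Run in an elevated session.
param(
    [string]$CertPath       = 'C:\Temp\idp-signing.cer',  # hypothetical export from the IdP
    [string]$StoreLocation  = 'Cert:\LocalMachine\My',    # assumed store; use the one your IdP guide names
    [string]$ExpectedSha256 = '',                         # fingerprint obtained out of band from the IdP
    [int]$MinRsaBits        = 2048,
    [int]$MinDaysValid      = 30
)

function Get-IdpCertificateProblems {
    param(
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert,
        [string]$ExpectedSha256, [int]$MinRsaBits, [int]$MinDaysValid
    )
    $problems = @()
    $now = Get-Date

    # Validity window: a certificate that lapses soon will break SSO for every user.
    if ($Cert.NotBefore -gt $now) { $problems += "Not valid before $($Cert.NotBefore)" }
    if ($Cert.NotAfter -lt $now.AddDays($MinDaysValid)) { $problems += "Expires $($Cert.NotAfter)" }

    # The IdP should hand over the public certificate only, never its private key.
    if ($Cert.HasPrivateKey) { $problems += 'File contains a private key' }

    # Key strength (RSA only; GetRSAPublicKey returns $null for other key types).
    $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($Cert)
    if ($rsa -and $rsa.KeySize -lt $MinRsaBits) { $problems += "RSA key is $($rsa.KeySize) bits" }

    # Pin to the fingerprint the IdP publishes, so a swapped file is caught before it is trusted.
    $sha256 = [System.Security.Cryptography.SHA256]::Create()
    $actual = [BitConverter]::ToString($sha256.ComputeHash($Cert.RawData)) -replace '-', ''
    $wanted = $ExpectedSha256 -replace '[:\s-]', ''
    if (-not $wanted) {
        $problems += "No expected fingerprint supplied; computed $actual"
    } elseif ($actual -ne $wanted) {
        $problems += "Fingerprint mismatch: computed $actual"
    }
    return ,$problems
}

$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($CertPath)
$problems = Get-IdpCertificateProblems -Cert $cert -ExpectedSha256 $ExpectedSha256 `
    -MinRsaBits $MinRsaBits -MinDaysValid $MinDaysValid

if ($problems.Count -gt 0) {
    $problems | ForEach-Object { Write-Warning $_ }
    throw "Certificate '$($cert.Subject)' failed pre-import checks; nothing was imported."
}
Import-Certificate -FilePath $CertPath -CertStoreLocation $StoreLocation
```

The import runs only when every check passes, so a file with an unverified fingerprint is never added to the store.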