Configuring SSO: SAML 2.0
Orchestrator supports single sign-on (SSO) authentication based on SAML 2.0. To enable it, both Orchestrator/Identity Server, acting as the Service Provider, and an Identity Provider must be properly configured so that they can communicate with each other. If SAML is enabled and correctly configured, a button is displayed at the bottom of the Login page. If the external identity provider uses a multi-factor authentication protocol, the user must also comply with the corresponding rules in order to log in successfully.
To enable SAML authentication, the high-level process is as follows:
- Define a user in Orchestrator and have a valid email address set on the Users page.
  This applies if your email address is set as a SAML attribute. You can configure a custom mapping strategy as well.
- Import the signing certificate provided by the Identity Provider to the Windows certificate store using Microsoft Management Console, and set Orchestrator/Identity Server to use it accordingly.
- Add the configuration specific to the identity provider you want to use in the Saml2 settings (Users > Authentication Settings > External Providers), making sure the Enabled checkbox is selected. Follow the instructions for the identity provider you use: