SAML authentication can be used to establish a secure single sign-on (SSO) connection between Buzz and an external identity provider (IdP).
| Term | Definition |
|---|---|
| Identity provider (IdP) | The IdP is used to identify users based on credentials. The IdP provides the login screen interface and presents information about the authenticated user to the SP after successful authentication. Examples: Google Apps, ADFS, PowerSchool |
| Metadata | Information about the SP or IdP, often referred to as the SP metadata or IdP metadata. This metadata should be provided as XML and is used by the SP and IdP to inform each about the settings and URLs of the other. |
| Security Assertion Markup Language (SAML) | An XML-based, open-standard data format for exchanging authentication and authorization data between parties, in particular, between an IdP and an SP. |
| Service provider (SP) | An SP is a website providing information and other tools to the authenticated user. For these instructions, Buzz is the SP. |
| Single sign-on (SSO) | An authentication service that permits a user to use one set of login credentials (e.g., username and password) to access multiple applications. |
How does SAML SSO work?
SAML in Buzz is initiated by a user. This is the basic process:
- User selects "Login" from the Buzz login webpage.
  NOTE: Buzz only supports SP-initiated SSO.
- Buzz generates a SAML request and redirects the webpage to the IdP.
- IdP receives the SAML request and verifies the user. If the user is not already authenticated into the IdP, then the user will be prompted to authenticate.
- IdP sends a SAML response to Buzz and redirects the webpage to Buzz.
  NOTE: Buzz requires that the SAML response contains the following attributes:
  - saml:NameID (must match the user's Buzz username)
- Buzz receives and verifies the SAML response.
- Buzz grants the user access.
How to set up your SAML authentication?
To set up your SAML authentication:
- Access the SP (Buzz) metadata file using the following URL (replace the bolded text with your userspace name):
- Go to your IdP and create a new SAML configuration. Each IdP has its own way of setting up a new SAML configuration, so you may need to consult an expert (or the internet).
- The IdP will then ask you to either (a) enter, (b) upload, (c) copy and paste, or (d) provide the URL to the SP metadata (see step 1). If providing the URL is an option, use it: the IdP can then pull the information dynamically from the SP, reducing the need for future changes.
- Once configured and available in your IdP, download the IdP metadata file.
- Rename the downloaded IdP metadata file to
- Complete the SAML steps in this article (use the idp-meta.xml file in step 3): How do I enable Single Sign-On (SSO) in Buzz?
- Attempt to log in to Buzz using your new SAML integration.
NOTE: Some IdPs do not allow for their service to be loaded inside of another webpage. If your IdP does not load (e.g., blank screen), you may need to select "Open in new window" when configuring the SAML integration in step 6.
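
A pre-upload check of the IdP metadata file downloaded in steps 4 to 6, added here as an example and not Buzz's or any IdP's own code. It assumes standard SAML 2.0 metadata and reports a missing `entityID`, a missing or non-HTTPS `SingleSignOnService` endpoint, and a missing signing certificate; `check_idp_metadata` is a hypothetical name and the sample XML is constructed with placeholder values.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
# Constructed sample; the entityID, URL and certificate value are placeholders.
SAMPLE_IDP_METADATA = b"""<md:EntityDescriptor
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://idp.example.org/saml">
  <md:IDPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>PLACEHOLDERCERT</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.org/saml/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def check_idp_metadata(xml_bytes):
    """Return a list of problems in IdP metadata (empty list: none found)."""
    # Legitimate SAML metadata needs no DTD; refuse it rather than expand entities.
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        return ["contains a DTD or entity declaration; not parsed"]
    try:
        root = ET.fromstring(xml_bytes)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    # The root may be the EntityDescriptor itself or an EntitiesDescriptor wrapper.
    idps = [e for e in root.iter(f"{{{MD}}}EntityDescriptor")
            if e.find(f"{{{MD}}}IDPSSODescriptor") is not None]
    if len(idps) != 1:
        return [f"expected one IdP EntityDescriptor, found {len(idps)}"]
    problems, entity = [], idps[0]
    idp = entity.find(f"{{{MD}}}IDPSSODescriptor")
    if not entity.get("entityID"):
        problems.append("EntityDescriptor has no entityID")
    sso = idp.findall(f"{{{MD}}}SingleSignOnService")
    if not sso:
        problems.append("no SingleSignOnService endpoint for the SAML request")
    for svc in sso:
        if not svc.get("Location", "").lower().startswith("https://"):
            problems.append(f"SSO endpoint is not HTTPS: {svc.get('Location')}")
    # A KeyDescriptor without use="encryption" may be used for signing.
    certs = [c for k in idp.findall(f"{{{MD}}}KeyDescriptor")
             if k.get("use") != "encryption"
             for c in k.iter(f"{{{DS}}}X509Certificate") if (c.text or "").strip()]
    if not certs:
        problems.append("no signing certificate to verify SAML responses with")
    return problems
```

To check a real file, pass its bytes: `check_idp_metadata(open("idp-meta.xml", "rb").read())`. The check covers structure only and does not validate the certificate itself.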