Contents x
    Generic SAML
    • 04 Sep 2021
    • 1 Minute to read
    • Contributors
      Contents

      Generic SAML

      • Updated on 04 Sep 2021
      • 1 Minute to read
      • Contributors
        Article Summary

        This article describes how Perimeter 81 allows users to authenticate against an external IdP using the Security Assertion Markup Language (SAML) protocol. The platform can automatically manage the IdP added Members and assign them to IdP correlating Groups.

        • Introduction to SAML
        • Integration with a generic SAML IdP
        • Configuring Perimeter 81

        You can also review our integration guides for Okta, OneLogin, PingIdentity, ADFS, and other SAML IdPs.

        Introduction to SAML

        SAML-based federation involves two parties:

        An identity provider (IdP): authenticates users and provides to Service Providers an Authentication Assertion if successful.

        A service provider (SP): relies on the Identity Provider to authenticate users.
        Perimeter 81 supports the SAML protocol and can serve as the service provider for users that are authenticated by different IdPs.

        During the login process, Members will be redirected to the IdP in order to authenticate. Once the user is authenticated, Perimeter 81 will get a SAML assertion and associate the Member with the appropriate role and policies.

        Integration with a SAML IdP

        In order to integrate with a SAML IdP, you will need to create a dedicated Perimeter 81 Application within your SAML IdP.

        Most of the IdPs will require the following information when creating a new application:

        • Single sign-on URL: https://auth.perimeter81.com/login/callback?connection={{WORKSPACE}}-oc
        • Audience URI (SP Entity ID): urn:auth0:perimeter81:{{WORKSPACE}}-oc

        Remember to replace {{WORKSPACE}} with your actual workspace name

        In order to map the IdP members correctly the following attributes have to be passed to the platform:

        IdP AttributePerimeter 81 Mapping
        Email Addressemail
        First Namegiven_name
        Last Namefamily_name

        Should you require to pass group memberships to Perimeter 81:

        IdP ObjectPerimeter 81 Mapping
        Groupsgroups

        Once the application is created you'll be provided with the following information:

        • X.509 Certificate
        • IdP Sign-in URL


        Configuring Perimeter 81

        You need to configure the integration from the Perimeter 81 side.

        1. Log in to your Perimeter 81 Management Platform, and navigate to Settings and then Identity Providers.
        2. Select + Add Provider.
          360008600320addprovider12.png
        3. Select SAML 2.0 Identity Cloud.
        4. Fill in the Sign In URL provided by the IdP.
        5. Add your organization domains.
        6. Paste the X.509 Certificate provided by the IdP.
          360011168680ScreenShot2020-04-19at155827.png
        7. Select Save.

        Access Error troubleshooting

        If your users are getting access error after the configuration, please check these steps.

        Was this article helpful?
        What's Next