To start integrating SAML authentication into your app, you need to set up Telerik Platform accordingly. Otherwise your backend will return an error even if your code is properly implemented.
SAML identity providers (IdP) are typically utilized in enterprise-grade apps that require the added centralization and manageability of authentication. In those situations you, as an app developer, have at least some control over the SAML IdP that you integrate with.
Make sure that the following settings are in place before you integrate Telerik Platform with your SAML IdP.
- Ask your SAML IdP administrator to provide you with the Metadata URL or the Metadata XML file of the IdP. You will need to provide them to Telerik Platform as SAML metadata.
- Ask your SAML IdP administrator to configure trusts for the following Telerik Platform resources:
  - SAML audience: Obtain the value from the Users > Authentication screen.
  - Reply URL: Obtain the value from the Users > Authentication screen.
- Ask your SAML IdP administrator to configure the following claims that Telerik Platform will try to read from an issued security token. All claims listed as Recommended as well as claims that you choose to include will be preserved in the user object that Telerik Platform creates. Note that the claims' names vary from IdP to IdP.
  - ID (Required)
  - Email Address (Recommended)
- Go to Users > Authentication.
- Check the box in front of SAML 2.0.
- For SAML metadata, choose whether to:
  - Specify a URL, in which case enter your identity provider's metadata endpoint URL.
  - Upload an XML file, in which case browse for a .xml file containing metadata and upload it.
- For User ID claim name, enter the exact name of the claim that your IdP uses to uniquely identify the user.
  Example: Primary SID
- (Optional) For User Display Name, enter the exact name of the claim that you want to set as Display Name of the Telerik Platform user account.
  Example: Common name
- Copy the values for SAML audience and Reply URL and use them to set up your SAML IdP.
- Click Save.
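Because claim names vary from IdP to IdP and the portal expects them exactly, it helps to check a sample assertion issued by your IdP against the values you plan to enter. The Python check below is an added example, not Telerik Platform code: the sample assertion, the audience value and the claim names `primarysid` and `commonname` are constructed placeholders, and the script only compares names and the audience; it does not validate the assertion's signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion; audience and claim names are placeholders.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_a1" Version="2.0">
  <saml:Issuer>https://idp.example.test/metadata</saml:Issuer>
  <saml:Conditions>
    <saml:AudienceRestriction>
      <saml:Audience>https://audience.example.test/placeholder</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="primarysid">
      <saml:AttributeValue>S-1-5-21-1111-2222-3333-1001</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="commonname">
      <saml:AttributeValue>Jane Doe</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def check_assertion(xml_text, expected_audience, id_claim, display_claim=None):
    """Return a list of configuration problems; an empty list means the names match."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTDs are not expected in SAML and are refused")
    root = ET.fromstring(xml_text)
    audiences = [a.text.strip() for a in root.iterfind(".//saml:Audience", NS) if a.text]
    claims = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text or "" for v in attr.iterfind("saml:AttributeValue", NS)]
        claims[attr.get("Name")] = values
    problems = []
    if expected_audience not in audiences:
        problems.append(f"audience {expected_audience!r} not in {audiences}")
    # Claim names are compared exactly, since the portal asks for the exact name.
    if not any(claims.get(id_claim, [])):
        problems.append(f"required ID claim {id_claim!r} missing or empty; IdP sends {sorted(claims)}")
    if display_claim and display_claim not in claims:
        problems.append(f"display name claim {display_claim!r} not sent; IdP sends {sorted(claims)}")
    return problems


if __name__ == "__main__":
    for p in check_assertion(SAMPLE_ASSERTION, "https://audience.example.test/placeholder", "primarysid", "commonname") or ["ok"]:
        print(p)
```

Replace the sample with an assertion captured from your own IdP, and pass the SAML audience shown on the Users > Authentication screen as `expected_audience`.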