When SAML SSO is activated for a user account, the user no longer logs in to the service with their service credentials. Instead, the user clicks a link and enters a username and password to authenticate to their identity provider (IdP). Upon successful authentication, the IdP redirects to the service's Assertion Consumer Service URL; the service validates the contents of the response, resolves the username and starts the user's session.
The account must have these settings:
1) SAML SSO must be enabled for your subscription by support or your account manager.
2) The New Data Security Model must be accepted for the subscription. A Manager can opt in by going to Users > Setup > Security.
Note: The New Credentials Security Model (NCSM) has no dependency on SAML. Ensure that SAML and NCSM are not enabled simultaneously.
Go to Users > Setup > SAML SSO Setup. Select the option "Enable SAML SSO for new users".
Go to Users > Users and edit the user's account. You'll see the SAML SSO option in the Security section.
If both Symantec VIP and SAML SSO are turned on for the same account, SAML SSO will be used and the Symantec VIP option will be ignored.
In Azure, you cannot set the IdP SSO URL as a Custom Exit URL. By default, the SSO URL expects the SAML request parameter to be appended to the URL, but the IdP SSO URL on its own carries no request parameters. This results in an error from Azure AD.
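The difference between a bare IdP SSO URL and one that carries a request, shown as an added example that is not part of the original page or the vendor's code. It encodes a minimal AuthnRequest the way the SAML HTTP-Redirect binding does (raw DEFLATE, base64, URL-encoding) and checks whether a URL carries a decodable `SAMLRequest`; the hostnames, entity ID and request ID are constructed placeholders.

```python
import base64
import zlib
from urllib.parse import urlencode, urlparse, parse_qs

# Constructed placeholder values, not taken from the page.
IDP_SSO_URL = "https://idp.example.com/saml2"
SP_ENTITY_ID = "https://sp.example.com/metadata"
ACS_URL = "https://sp.example.com/saml/acs"


def build_redirect_url(request_id, issue_instant):
    """Return the IdP SSO URL with a SAMLRequest parameter (HTTP-Redirect binding)."""
    authn_request = (
        '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
        f'ID="{request_id}" Version="2.0" IssueInstant="{issue_instant}" '
        f'Destination="{IDP_SSO_URL}" AssertionConsumerServiceURL="{ACS_URL}">'
        f'<saml:Issuer>{SP_ENTITY_ID}</saml:Issuer>'
        '</samlp:AuthnRequest>'
    )
    # Raw DEFLATE (no zlib header or checksum), then base64, then URL-encoding.
    compressor = zlib.compressobj(wbits=-15)
    deflated = compressor.compress(authn_request.encode()) + compressor.flush()
    query = urlencode({"SAMLRequest": base64.b64encode(deflated).decode()})
    return f"{IDP_SSO_URL}?{query}"


def decode_saml_request(url):
    """Return the AuthnRequest XML carried by url, or None if it carries none."""
    values = parse_qs(urlparse(url).query).get("SAMLRequest")
    if not values:
        return None
    try:
        return zlib.decompress(base64.b64decode(values[0]), wbits=-15).decode()
    except (ValueError, zlib.error):
        return None


if __name__ == "__main__":
    url = build_redirect_url("_constructed-id-1", "2024-01-01T00:00:00Z")
    print("with request :", decode_saml_request(url) is not None)
    print("bare SSO URL :", decode_saml_request(IDP_SSO_URL) is not None)
```

Running `decode_saml_request` against a URL configured as an exit or redirect target shows quickly whether it is a bare SSO endpoint that the IdP will reject for lack of a request.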