Symbio SSO
Checklist
The following checklist helps you collect the data needed to set up SAML for Symbio.
Is your Infrastructure Ready for Symbio SSO?
If you can answer every question with Yes, your infrastructure is ready for Symbio SSO.
Question | Answer |
---|---|
Symbio and IdP both reachable by browser? | ☐ Yes ☐ No |
SAML 2.0-compliant IdP available? | ☐ Yes ☐ No |
SSO HTTP-REDIRECT endpoint supported? | ☐ Yes ☐ No |
POST to ACS endpoint supported? | ☐ Yes ☐ No |
SHA-256 signatures supported? | ☐ Yes ☐ No |
IdP Metadata XML file available? | ☐ Yes ☐ No |
Metadata contains trustworthy certificate? | ☐ Yes ☐ No |
(If on-premises) Symbio installed on HTTPS binding? | ☐ Yes ☐ No |
If targeting Azure AD: Are you using Azure AD Premium? | ☐ Yes ☐ No |
Please provide the IdP Metadata XML file to Ploetz + Zeller GmbH to get your Cloud instance of Symbio configured for SSO.
Claims Details
Additional Question | Answer (needed by P+Z for Cloud setups) |
---|---|
Claim Type users are identified by? | (UPN preferred) |
Claim Type used for group membership? | (Group preferred) |
If these answers diverge from the desired claim types, a custom claims mapping needs to be added.
What is needed for Setting up your IdP?
The following data is most likely needed to set up your IdP:
Element | Value |
---|---|
Initiated By | Service Provider (IdP-initiated not supported) |
SP Entity ID | http://symbioworld.com/web |
SSO Service | Expect HTTP-REDIRECT |
AuthnRequest | Expect Unsigned |
ACS Type | Set to HTTP-POST |
Response | Set to Signed |
SP URL | Symbio Root URL (Cloud: provided by P+Z) |
ACS URL | Symbio Root URL + "/AuthServices/Acs" |
Minimal Claims | (see below) |
Minimal Claims expected by Symbio
- UPN (upn: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn)
- Last Name (surname: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname)
- First Name (givenname: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname)
- E-Mail (emailaddress: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress)
- Group (group: http://schemas.xmlsoap.org/claims/Group)
If your claims diverge from this list, please provide P+Z with a list of transmitted claims.