Get started
- Updated on 05 Feb 2025
Basics about Security Assertion Markup Language (SAML):
- Identity provider: the provider responsible for authentication.
- Service provider: Grassfish, which provides the IXM Platform service.
- End user: a user of the identity provider who wants to log in to the IXM Platform.
Preconditions
Before you start the SAML setup, consider the following questions and preconditions:
- You need a unique username, for example an email address.
- You must determine whether the user should have access to the IXM Platform when the login against the identity provider is successful but the user doesn’t exist in the IXM Platform. Our recommendation is to allow this.
- Consider whether the login is only for one IXM Platform customer:
  - If so, you need to know the customer code.
  - If not, consider the following points:
    - Will the customer provide the IXM Platform customer code during the login (via assertion attributes)?
    - Should you set up a separate SAML login webservice for each IXM Platform customer code?
- Consider whether permissions are managed in the IXM Platform or whether the identity provider provides user groups and/or permission groups during the login (via assertion attributes):
  - If they’re managed in the IXM Platform, what are the default user groups and permission groups if the user doesn’t exist?
  - You may have to create a basic user group and permission group without rights. After the first login, the administrator must assign the user to specific user groups and permission groups.
- A test user is required. This user should be in the call during the setup to provide information while testing the login.
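
To make the decisions in this list concrete, the following added example (not Grassfish code) reads a constructed SAML assertion and resolves one login according to the answers chosen above. The attribute names `customerCode` and `groups`, the group name `no-rights`, the rule that groups sent by the identity provider take precedence, and the function names are assumptions for illustration. The assertion is assumed to have already passed signature and condition validation in the SAML library.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion (signature and conditions omitted). Attribute
# names "customerCode" and "groups" are hypothetical, not IXM Platform names.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject><saml:NameID>jane.doe@example.com</saml:NameID></saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="customerCode">
      <saml:AttributeValue>ACME01</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="groups">
      <saml:AttributeValue>editors</saml:AttributeValue>
      <saml:AttributeValue>store-vienna</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

def read_claims(assertion_xml):
    """Extract username and attributes from an already signature-verified assertion."""
    root = ET.fromstring(assertion_xml)
    name_id = root.find("saml:Subject/saml:NameID", NS)
    attrs = {
        a.get("Name"): [v.text.strip() for v in a.findall("saml:AttributeValue", NS) if v.text]
        for a in root.iterfind("saml:AttributeStatement/saml:Attribute", NS)
    }
    return (name_id.text or "").strip() if name_id is not None else "", attrs

def resolve_login(assertion_xml, known_users, fixed_customer=None,
                  allow_unknown=True, default_groups=("no-rights",)):
    """Apply the decisions from the preconditions list to one login."""
    username, attrs = read_claims(assertion_xml)
    if not username:
        return {"allowed": False, "reason": "missing unique username"}
    # Single-customer setup uses the fixed code; otherwise the IdP must send it.
    codes = [fixed_customer] if fixed_customer else attrs.get("customerCode", [])
    if len(codes) != 1:
        return {"allowed": False, "reason": "customer code missing or ambiguous"}
    exists = username in known_users
    if not exists and not allow_unknown:
        return {"allowed": False, "reason": "user not provisioned"}
    # IdP-managed groups win; otherwise existing users keep theirs and new users
    # get the default group without rights until an administrator assigns more.
    groups = attrs.get("groups") or (known_users[username] if exists else list(default_groups))
    return {"allowed": True, "username": username, "customer": codes[0],
            "groups": groups, "created": not exists}
```

Running `resolve_login` with the test user's real assertion during the setup call shows quickly whether the identity provider sends the username, customer code and groups in the form you agreed on.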