Property | Description |
---|---|
Use Identity Provider File | The identity provider XML file populates many of the properties on the SAML Setup page. To use an identity provider XML file to define identity provider properties, click Browse, and navigate to the identity provider XML file. |
Disable auto provisioning of users | Disables auto provisioning of SAML users. When a new SAML user logs in to Informatica Intelligent Cloud Services for the first time, the user will not be added to the organization in Informatica Intelligent Cloud Services. |
Issuer | The entity ID of the identity provider, which is the unique identifier of the identity provider. The Issuer value in all messages from the identity provider to Informatica Intelligent Cloud Services must match this value. For example: `<saml:Issuer>http://idp.example.com</saml:Issuer>` |
Single Sign-On Service URL | The identity provider's HTTP-POST SAML binding URL for the SingleSignOnService, which is the SingleSignOnService element's location attribute. Informatica Intelligent Cloud Services sends login requests to this URL. |
Single Logout Service URL | The identity provider's HTTP-POST SAML binding URL for the SingleLogoutService, which is the SingleLogoutService element's location attribute. Informatica Intelligent Cloud Services sends logout requests to this URL. |
Signing Certificate | Base64-encoded PEM format identity provider certificate that Informatica Intelligent Cloud Services uses to validate signed SAML messages from the identity provider. Note: The identity provider signing algorithm must be either DSA-SHA1 or RSA-SHA1. |
Use signing certificate for encryption | Uses the public key in your signing certificate to encrypt logout requests sent to your identity provider when a user logs out from Informatica Intelligent Cloud Services. |
Encryption Certificate | Base64-encoded PEM format identity provider certificate that Informatica Intelligent Cloud Services uses to encrypt SAML messages sent to the identity provider. Applicable if you do not enable use of the signing certificate for encryption. |
Name Identifier Format | The format of the name identifier in the authentication request that the identity provider returns to Informatica Intelligent Cloud Services. Informatica Intelligent Cloud Services uses the name identifier value as the Informatica Intelligent Cloud Services user name. The name identifier cannot be a transient value that can be different for each login. For a particular user, each single sign-on login to Informatica Intelligent Cloud Services must contain the same name identifier value. To specify that the name identifier is an email address, the Name Identifier Format is as follows: `urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress` |
Logout Service URL (SOAP Binding) | The identity provider's SAML SOAP binding URL for the single logout service. Informatica Intelligent Cloud Services sends logout requests to this URL. |
Logout Page URL | The landing page to which a user is redirected after the user logs out of Informatica Intelligent Cloud Services. Informatica Intelligent Cloud Services redirects the logged out user to the landing page in the following ways:
|

Property | Description |
---|---|
Informatica Cloud Platform SSO | Displays the single sign-on URL for your organization. This URL is automatically generated by Informatica Intelligent Cloud Services. |
Clock Skew | Specifies the maximum permitted time difference between the time stamps in the SAML response from the identity provider and the Informatica Intelligent Cloud Services clock. |
Name Identifier value represents user's email address | If selected, Informatica Intelligent Cloud Services uses the name identifier as the email address. |
Sign authentication requests | If selected, Informatica Intelligent Cloud Services signs authentication requests to the identity provider. |
Sign logout requests sent using SOAP binding | If selected, Informatica Intelligent Cloud Services signs logout requests sent to the identity provider. |
Encrypt name identifier in logout requests | If selected, Informatica Intelligent Cloud Services encrypts the name identifier in logout requests. Note: Verify that the identity provider supports decryption of name identifiers. |
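
As an added illustration (not Informatica's implementation), the following sketch applies three of the rules described in these tables to a SAML response: the Issuer must equal the configured value, the name identifier must not be transient, and time stamps must fall within the configured clock skew. It assumes the skew is applied to the assertion's Conditions window and that the signature has already been verified against the Signing Certificate; the sample response is constructed.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML}
TRANSIENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
EMAIL = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
# Constructed, unsigned sample response for a hypothetical IdP and user.
SAMPLE_RESPONSE = f"""\
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                xmlns:saml="{SAML}" ID="_r1" Version="2.0">
 <saml:Issuer>http://idp.example.com</saml:Issuer>
 <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-05-01T12:00:00Z">
  <saml:Issuer>http://idp.example.com</saml:Issuer>
  <saml:Subject><saml:NameID Format="{EMAIL}">user@example.com</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2024-05-01T12:00:00Z" NotOnOrAfter="2024-05-01T12:05:00Z"/>
 </saml:Assertion>
</samlp:Response>"""

def _utc(stamp):
    # SAML instants are UTC with a trailing "Z"; normalise for fromisoformat().
    return datetime.fromisoformat(stamp.replace("Z", "+00:00"))

def check_response(xml_text, expected_issuer, clock_skew_seconds, now):
    """Return the reasons to reject the response; an empty list means none found."""
    root = ET.fromstring(xml_text)
    problems = []
    # Every Issuer element (response and assertion) must equal the configured value.
    issuers = [(el.text or "").strip() for el in root.iter(f"{{{SAML}}}Issuer")]
    if not issuers or any(value != expected_issuer for value in issuers):
        problems.append("issuer mismatch")
    # The name identifier becomes the user name, so it must be present and stable.
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        problems.append("missing name identifier")
    elif name_id.get("Format") == TRANSIENT:
        problems.append("transient name identifier")
    # Assumption: the skew widens the Conditions validity window on both sides.
    skew = timedelta(seconds=clock_skew_seconds)
    conditions = root.find(".//saml:Conditions", NS)
    if conditions is None:
        problems.append("no validity window")
    else:
        not_before, not_after = conditions.get("NotBefore"), conditions.get("NotOnOrAfter")
        if not_before and now + skew < _utc(not_before):
            problems.append("not yet valid")
        if not_after and now - skew >= _utc(not_after):
            problems.append("expired")
    return problems
```

The Issuer comparison is an exact string match, so `http://idp.example.com` and `https://idp.example.com` are different issuers.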

Property | Description |
---|---|
Use friendly SAML attribute names | If selected, uses the human-readable form of the SAML attribute name, which might be useful when the attribute name is complex or opaque, such as an OID or a UUID. |
First Name | SAML attribute used to pass the user first name. |
Last Name | SAML attribute used to pass the user last name. |
Job Title | SAML attribute used to pass the user job title. |
Email Addresses | SAML attribute used to pass the user email addresses. |
Emails Delimiter | Delimiter to separate the email addresses if multiple email addresses are passed. |
Phone Number | SAML attribute used to pass the user phone number. |
Time Zone | SAML attribute used to pass the user time zone. |
User Roles | SAML attribute used to pass the roles assigned to the user. |
Roles Delimiter | Delimiter to separate the roles if multiple roles are passed. |

Property | Description |
---|---|
Informatica Intelligent Cloud Services role | The SAML role equivalent for the Informatica Intelligent Cloud Services role. If you need to enter more than one role, use a comma to separate the roles. |
Default Role | Default role to use if the SAML authentication response does not include the SAML user roles attribute. |
Default User Group | Default user group for single sign-on users. |