SAML Authentication Overview
You can configure Security Assertion Markup Language (SAML) authentication for Informatica web applications.
Security Assertion Markup Language is an XML-based data format for exchanging authentication information between a service provider and an identity provider. In an Informatica domain, the Informatica web application is the service provider.
You can configure the following Informatica web applications to use SAML authentication:
- Informatica Administrator
- Informatica Analyst
- Mass Ingestion tool
- Metadata Manager
- Enterprise Data Catalog
- Enterprise Data Preparation
- Data Privacy Management
Note: SAML authentication cannot be used in an Informatica domain configured to use Kerberos authentication.
If you enable a domain to use SAML authentication, all web applications that run in the domain use the identity provider you configure in the domain by default. However, you can configure web applications that run in a domain to use different identity providers. For example, you might configure Informatica Administrator to use AD FS as the identity provider, and configure Informatica Analyst to use PingFederate as the identity provider.
For more information about configuring web applications to use different identity providers, see Configuring Web Applications to Use Different Identity Providers.
Default Keystore and Truststore Directory
The Informatica deployment includes default keystore and truststore files in the directory <Informatica installation directory>\services\shared\security.
Informatica recommends that you use the default keystore and truststore only for setup and proof-of-concept use cases. To secure a production environment, use the following guidelines:
- Configure a custom keystore and truststore for SAML authentication in a location other than the default directory:
  <Informatica installation directory>\services\shared\security
- You cannot use the default keystore and truststore to configure other services or clients.
- When you enable SAML authentication, you import keystore or truststore certificate files and private keys into the default directory:
  <Informatica installation directory>\services\shared\security
- When you assign an alias to the keystore or truststore, do not use "Informatica LLC," which Informatica uses for private key authentication and certificate signing.
- Modifying the default SAML keystore or truststore is allowed only when the default directory is configured as the SAML keystore and truststore directory and you want to import private key and certificate entries into the default keystore or truststore.
  You cannot use "Informatica LLC" as the alias for new entries in the default keystore and truststore. You can use "Informatica LLC" as the alias for custom keystore-truststore entries.
  No other operation is allowed for the default keystore and truststore files, including deleting or replacing the files, changing the password of the keystore or truststore, or modifying, removing, or replacing the Informatica-generated private key and signing certificate.
- If you replaced the default Informatica keystore and truststore files with custom keystore and truststore files in the previous Informatica installation directory structure, you must run the infasetup UpdateGatewayNode command to update the locations of the custom keystore and truststore for the domain.
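The guidelines above can be enforced as a pre-flight check before importing a SAML certificate. The following script is an added example, not Informatica's own tooling; it assumes INFA_HOME points at the Informatica installation directory and that the JDK keytool is on PATH for the optional import step.

```shell
#!/bin/sh
# Pre-flight checks for a SAML keystore/truststore entry (added example).
# Assumption: INFA_HOME is the Informatica installation directory.
RESERVED_ALIAS="Informatica LLC"   # used by Informatica's own private key and signing cert
DEFAULT_DIR="${INFA_HOME:-/opt/Informatica}/services/shared/security"

# check_store_location <keystore-path>
# Returns 0 when the store lives outside the default directory (production use),
# 1 when it is inside it (setup and proof-of-concept only).
check_store_location() {
    case "$1" in
        "$DEFAULT_DIR"/*) return 1 ;;
        *) return 0 ;;
    esac
}

# check_alias <keystore-path> <alias>
# Returns 0 when the alias may be used for a new entry in that store:
#  - "Informatica LLC" is never allowed for new entries in the default store;
#  - the page permits it for custom keystore/truststore entries.
check_alias() {
    store="$1"; alias="$2"
    [ -n "$alias" ] || return 1
    if [ "$alias" = "$RESERVED_ALIAS" ] && ! check_store_location "$store"; then
        return 1
    fi
    return 0
}

# import_cert <keystore-path> <store-password> <alias> <cert-file>
# Runs both checks, refuses to overwrite an existing alias, then imports.
import_cert() {
    store="$1"; pass="$2"; alias="$3"; cert="$4"
    check_alias "$store" "$alias" || { echo "alias '$alias' not allowed for $store" >&2; return 1; }
    check_store_location "$store" \
        || echo "warning: $store is in the default directory; use only for setup or proof-of-concept" >&2
    # keytool -list exits non-zero when the alias is absent from the store
    if keytool -list -keystore "$store" -storepass "$pass" -alias "$alias" >/dev/null 2>&1; then
        echo "alias '$alias' already exists in $store; refusing to overwrite" >&2
        return 1
    fi
    keytool -importcert -noprompt -keystore "$store" -storepass "$pass" -alias "$alias" -file "$cert"
}
```

Call import_cert with the keystore path, its password, the alias for the identity provider certificate, and the certificate file; the store password is passed on the command line here only for brevity.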
Supported Identity Providers
Use a supported identity provider to manage SAML authentication on the domain for web applications.
Informatica supports the following identity providers. Click the How-to Library (H2L) article link to get instructions for integration between each identity provider and the domain.
| Identity Provider | How-to Library (H2L) article |
|---|---|
| Microsoft Active Directory Federation Services (AD FS) | |
| PingFederate | |
| F5 Big-IP | |
| NetScaler | |
| Oracle Access Manager (OAM) | |
| Okta SSO | |
| Azure Active Directory | |
For information about supported versions of these identity providers, see the Product Availability Matrix on Informatica Network:
https://network.informatica.com/community/informatica-network/product-availability-matrices.