Administer > Configuring SAML Single Sign-On in Informatica Cloud > Identity Provider Properties
  

Identity Provider Properties

Define SAML identity provider properties on the Configure SAML SSO page. If you have an identity provider XML file, you can upload the file to populate some of the properties. Informatica Cloud can parse and extract most of the data from the XML file. However, you might need to enter certain fields manually such as the name identifier format.
The following table describes identity provider configuration properties:
Property
Description
Configure using Identity Provider XML File
The identity provider XML file populates many of the properties on the Configure SAML SSO page.
To use an identity provider XML file to define identity provider properties, click Upload XML File and navigate to the identity provider XML file.
Disable auto provisioning of users
Disables auto provisioning of SAML users. When a new SAML user logs in to Informatica Cloud for the first time, the user will not be added to the organization in Informatica Cloud.
Issuer
The entity ID of the identity provider, which is the unique identifier of the identity provider.
The Issuer value in all messages from the identity provider to Informatica Cloud must match this value. For example:
<saml:Issuer>http://idp.example.com</saml:Issuer>
Single Sign-On Service URL
The identity provider's HTTP-POST SAML binding URL for the SingleSignOnService, which is the SingleSignOnService element's location attribute. Informatica Cloud sends login requests to this URL.
Single Logout Service URL
The identity provider's HTTP-POST SAML binding URL for the SingleLogoutService, which is the SingleLogoutService element's location attribute. Informatica Cloud sends logout requests to this URL.
Signing Certificate
Base64-encoded PEM format identity provider certificate that Informatica Cloud uses to validate signed SAML messages from the identity provider.
Note: The public certificate of the identity provider must be signed using either the DSA-SHA1 or RSA-SHA1 algorithm.
Use signing certificate for encryption
Uses the public key in your signing certificate to encrypt logout requests sent to your identity provider when a user logs out from Informatica Cloud.
Encryption Certificate
Base64-encoded PEM format identity provider certificate that Informatica Cloud uses to encrypt SAML messages sent to the identity provider.
Applicable if you do not enable use of the signing certificate for encryption.
Name Identifier Format
The format of the name identifier in the authentication request that the identity provider returns to Informatica Cloud. Informatica Cloud uses the name identifier value as the Informatica Cloud login name.
The name identifier cannot be a transient value that can be different for each login. For a particular user, each single sign-on login to Informatica Cloud must contain the same name identifier value.
To specify that the name identifier is an email address, the Name Identifier Format is as follows:
urn:oasis:names:tc:SAML:1.1:nameidformat:emailAddress
Single Logout Service URL (SOAP Binding)
The identity provider's SAML SOAP binding URL for the single logout service. Informatica Cloud sends logout requests to this URL.
Logout Page URL
The landing page to which a user is redirected after the user logs out of Informatica Cloud.
Informatica Cloud redirects the logged out user to the landing page in the following ways:
  • - If you specify a single logout service URL, Informatica Cloud sends the logout request to the logout service URL and then redirects the user to the landing page that you specify in this property.
  • - If you do not specify a single logout service URL, Informatica Cloud redirects the user to the following page:
    • https://app.informaticaondemand.com/ma/logout