CIC supports SAML so that you can bring your own preferred authentication system. CIC can integrate with identity providers (IDPs), for example, OneLogin, Auth0, or Azure Active Directory, and the IDP manages the credentials. You don't need to manage IDs separately in CIC.
In CIC, SAML is managed on a per-tenant basis, which means, as an Admin, you can configure SAML for a tenant you have Admin privileges for. Any domains that Cleo has associated with that tenant are subject to that SAML configuration. SSO is enforced on a per-domain basis, which means that any user belonging to a domain configured for SAML will use SSO for any tenant they attempt to log in to.
Note: Cleo Support must enable SAML for your tenant before you can access the SAML page.
Use the Admin > SAML page to configure Cleo Integration Cloud to use SAML for single sign-on.
Use these fields to customize your application. Changes you make are previewed as you make them.
- Enable SAML for all users of the domain
- Select this check box to authenticate all users of the domain via the IDP using the SAML protocol. If you select only this option, your SAML login page is displayed when users invoke Cleo Integration Cloud.
- Also allows you to disable SAML so that an administrator can log in to the system using their user name and password, for example, to troubleshoot.
- Important: Before you select this check box, make sure you have imported your IDP information and your IDP has your SP information.
Cleo provides you with the information in this section of the page to configure your IDP. You provide this information to your IDP to enable the IDP to trust Cleo Integration Cloud.
Note: Your IDP might use different names for the data provided in the fields below. Check with your IDP for more information.
- Entity ID (Audience)
- Identifies the application for which single sign-on is being configured. Sometimes also referred to as audience.
- Assertion Consumer Service
- Identifies the URL that expects to receive the SAML assertion.
- Sign In URI
- The Cleo Integration Cloud login page. Sometimes required for IDP configuration.
You provide access to a metadata file containing information about the Identity Provider (IDP).
- Metadata XML
- Provides information (as metadata) about the IDP in .xml format. You can provide an address from which to download a file or select a file to import directly.
- Enter publicly accessible URL to metadata file
- Select this option and enter a URL from which you want the application to download the metadata .xml file.
- Import as a file (.xml)
- Browse to and select a local .xml file containing the metadata.
Attribute mappings allow Cleo Integration Cloud to identify various parts of a SAML assertion.
- Email Attribute
- The attribute name used by the IDP to identify the email address in the SAML assertion.