Cleo creates associations between tenants and domains as part of creating and maintaining tenants. SAML is managed on a per-tenant basis, which means, as an Admin, you can configure SAML for a given tenant for which you have Admin privileges. Any domains that Cleo has associated with that tenant are subject to that SAML configuration. SSO is enforced on a per-domain basis, which means that any user belonging to a domain configured for SAML will use SSO for any tenant they attempt to log in to.
Use the Admin > SAML page to configure Cleo Integration Cloud to use SAML for single sign-on.
Use these fields to customize your application. Changes you make are previewed as you make them.
- Enable SAML for all users of the domain
- Select this check box to authenticate all users of the domain via IDP using the SAML protocol. If you select only this option, your SAML login page is displayed when users invoke Cleo Integration Cloud.
- Also allows you to disable SAML so that an administrator can log in to the system using their user name and password, for example, to troubleshoot.
Important: Before you select this check box, make sure you have imported your IDP information and your IDP has your SP information.
Cleo provides you with the information in this section of the page to configure your IDP. You provide this information to your IDP to enable the IDP to trust Cleo Integration Cloud.
- Entity ID (Audience)
- Identifies the application for which single sign-on is being configured. Sometimes also referred to as audience.
- Assertion Consumer Service
- Identifies the URL that expects to receive the SAML assertion.
- Sign In URI
- The Cleo Integration Cloud login page. Sometimes required for IDP configuration.
You provide access to a metadata file containing information about the Identity Provider (IDP).
- Metadata XML
- Provides information (as metadata) about the IDP in .xml format. You can provide an address from which to download a file or select a file to import directly.
- Enter publicly accessible URL to metadata file
- Select this option and enter a URL from which you want the application to download the metadata .xml file.
- Import as a file (.xml)
- Browse to and select a local .xml file containing the metadata.
Attribute mappings allow Cleo Integration Cloud to identify various parts of a SAML assertion.
- Email Attribute
- The attribute name used by the IDP to identify the email address in the SAML assertion.
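
When a test login fails after SAML is enabled, the usual causes are a mismatch between what the IDP sends and the Entity ID (Audience), Assertion Consumer Service URL, or Email Attribute described above. The following Python check is an added example, not Cleo code: it decodes a base64 SAMLResponse and reports which of those three settings disagree. The URLs, the attribute names `email` and `mail`, and the sample response are constructed placeholders, and the check is structural only (it does not verify the signature).

```python
import base64
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def check_response(b64_response, entity_id, acs_url, email_attr):
    """Return a list of mismatches between a SAMLResponse and the SP settings.

    Structural checks only: the XML signature is NOT verified here.
    """
    root = ET.fromstring(base64.b64decode(b64_response))
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return ["no unencrypted Assertion element in the response"]
    problems = []
    audiences = [a.text.strip() for a in assertion.iterfind(".//saml:Audience", NS) if a.text]
    if entity_id not in audiences:
        problems.append(f"Audience {audiences} lacks Entity ID {entity_id!r}")
    recipients = [d.get("Recipient")
                  for d in assertion.iterfind(".//saml:SubjectConfirmationData", NS)]
    if acs_url not in recipients:
        problems.append(f"Recipient {recipients} is not the ACS URL {acs_url!r}")
    emails = [v.text for a in assertion.iterfind(".//saml:Attribute", NS)
              if a.get("Name") == email_attr
              for v in a.iterfind("saml:AttributeValue", NS) if v.text]
    if not emails:
        problems.append(f"attribute {email_attr!r} is missing or empty")
    return problems

def sample_response(audience, recipient, attr_name):
    """Build a constructed, unsigned SAMLResponse for demonstration."""
    xml = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}">
 <saml:Assertion>
  <saml:Subject><saml:SubjectConfirmation>
   <saml:SubjectConfirmationData Recipient="{recipient}"/>
  </saml:SubjectConfirmation></saml:Subject>
  <saml:Conditions><saml:AudienceRestriction>
   <saml:Audience>{audience}</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions>
  <saml:AttributeStatement><saml:Attribute Name="{attr_name}">
   <saml:AttributeValue>user@example.com</saml:AttributeValue>
  </saml:Attribute></saml:AttributeStatement>
 </saml:Assertion>
</samlp:Response>"""
    return base64.b64encode(xml.encode()).decode()

# Placeholder SP values; substitute those shown on the Admin > SAML page.
ENTITY_ID, ACS_URL = "https://sp.example.com/entity", "https://sp.example.com/acs"

if __name__ == "__main__":
    wrong = sample_response(ENTITY_ID, ACS_URL, "mail")  # IDP sends "mail"
    print(check_response(wrong, ENTITY_ID, ACS_URL, "email"))
```

Run it against a response captured from your own test login; an empty list means the Audience, Recipient, and email attribute all line up with the configured values.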