Can my users use SAML to log in?

What is SAML? 

SAML stands for Security Assertion Markup Language, a standard for single sign-on (SSO) that exchanges authentication and authorisation data between parties. In SAML, these parties are referred to as the service provider (Award Force) and the identity provider (your system).

Award Force supports both service provider initiated login (e.g. a button on the login screen of your platform) and identity provider initiated login (e.g. a button placed on your intranet or other private site).

SAML is an optional add-on for your account. For more information and pricing, please get in touch.

Setting up SAML 

With Award Force

Once SAML has been added to your account, navigate to Settings > General > Integration (tab) and select the Enable SAML authentication checkbox. You will then need to fill in the following details of your identity provider:

  • Issuer (a string identifying the identity provider)
  • Single sign on service URL
  • X.509 certificate

With your identity provider

Steps may vary based on your desired provider, and your IT team will likely need to be involved in the configuration, but the key facts to know are:

  • The provided Name IDs should be persistent.

  • The integration requires three attributes (firstName, lastName and email) to be present in the authentication response in order to create accounts for users authenticating with SAML.
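A pre-flight check for these two requirements, as an added example that is not Award Force's own code: it parses a decoded SAML response captured from a test login and reports what is missing. The sample response and issuer value are constructed, and treating "persistent" as the SAML 2.0 persistent NameID Format URN and matching attribute names exactly are assumptions; the script checks content only and does not verify the response signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Assumption: the IdP declares persistence through the NameID Format attribute.
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
REQUIRED_ATTRIBUTES = ("firstName", "lastName", "email")

# Constructed sample (unsigned, trimmed) with two deliberate misconfigurations:
# a transient NameID and an attribute named "mail" instead of "email".
SAMPLE_RESPONSE = """\
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion>
    <saml:Issuer>https://idp.example.com/metadata</saml:Issuer>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">_a1b2c3</saml:NameID>
    </saml:Subject>
    <saml:AttributeStatement>
      <saml:Attribute Name="firstName"><saml:AttributeValue>Ada</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="lastName"><saml:AttributeValue>Lovelace</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="mail"><saml:AttributeValue>ada@example.com</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>
"""

def check_response(xml_text, expected_issuer):
    """Return a list of configuration problems; an empty list means none found."""
    assertion = ET.fromstring(xml_text).find("saml:Assertion", NS)
    if assertion is None:
        return ["no Assertion element in response"]
    problems = []
    issuer = assertion.findtext("saml:Issuer", default="", namespaces=NS).strip()
    if issuer != expected_issuer:
        problems.append(f"Issuer is {issuer!r}, expected {expected_issuer!r}")
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        problems.append("NameID is missing or empty")
    elif name_id.get("Format") != PERSISTENT:
        problems.append(f"NameID Format is {name_id.get('Format')!r}, expected persistent")
    values = {a.get("Name"): a.findtext("saml:AttributeValue", default="", namespaces=NS).strip()
              for a in assertion.iterfind("saml:AttributeStatement/saml:Attribute", NS)}
    for name in REQUIRED_ATTRIBUTES:
        if not values.get(name):
            problems.append(f"missing or empty attribute: {name}")
    return problems

if __name__ == "__main__":
    for problem in check_response(SAMPLE_RESPONSE, "https://idp.example.com/metadata"):
        print(problem)
```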

Note: account linking

The SAML response from the identity provider contains an email attribute, which is used to check if an account already exists within Award Force. If it doesn't, a new account is created for the user.

If the email does exist within Award Force, there's an additional step that allows the user to link their existing account with their SAML identity. The user will simply need to input the password that matches the existing account at Award Force. They also have the option to reset their password if they do not remember it.
