Security Assertion Markup Language (SAML)
Security Assertion Markup Language (SAML) is an XML-based framework for enabling Single Sign-On (SSO) by exchanging authentication and authorisation data between parties. Integrating SAML with DataGuard CPM allows you to use your existing SAML identity provider to authenticate users.
Setting Up Authentication
To set up SAML authentication, follow these steps:
1. Provide SAML Details to DataGuard
Send the following information to your DataGuard customer success manager:
- Sign-in URL: The URL your users will use to sign in.
- X509 Signing Certificate: Your identity provider's signing certificate.
2. Configure Callback URL
Depending on your environment, you may need to configure the following callback URL on your side:
| Environment | Auth0 URL |
|---|---|
| Sandbox | https://sandbox-consentric.eu.auth0.com/login/callback |
| Production EU | https://dgconsentde.eu.auth0.com/login/callback |
| Production UK | https://consentric.eu.auth0.com/login/callback |
Setting Up Authorisation
Once SSO is configured, you'll need to authorise users in DataGuard CPM:
1. Configure SAML Attribute for Authorisation
Add a custom SAML attribute to your identity provider with the following details:
- Key: ssoConsentricOptions
- Value: Stringified JSON in the format:

    {
      "<your-application-id>": {
        "roles": "PERMISSIONS_AGENT PERMISSIONS_ADMIN"
      }
    }
2. Assign Roles to Users
The roles determine the level of access users have in DataGuard CPM:
- PERMISSIONS_AGENT: Allows the user to view Citizen information.
- PERMISSIONS_ADMIN: Allows the user to configure the CPM instance.
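
The following added example (not DataGuard's own code) builds the stringified `ssoConsentricOptions` value for a user and audits an existing value before it goes into the identity provider, so a malformed value or an unintended PERMISSIONS_ADMIN grant is caught early. It assumes the two roles listed on this page are the only valid ones; the function names are hypothetical.

```python
import json

# Roles listed on this page; treating them as the full set is an assumption.
KNOWN_ROLES = ("PERMISSIONS_AGENT", "PERMISSIONS_ADMIN")


def build_attribute_value(application_id, roles):
    """Return the stringified JSON for the ssoConsentricOptions attribute."""
    if not isinstance(application_id, str) or not application_id:
        raise ValueError("application id must be a non-empty string")
    roles = list(dict.fromkeys(roles))  # drop duplicates, keep order
    unknown = [r for r in roles if r not in KNOWN_ROLES]
    if not roles or unknown:
        raise ValueError(f"invalid roles: {roles}")
    # Roles go into one space-separated string, as in the page's format.
    return json.dumps({application_id: {"roles": " ".join(roles)}})


def audit_attribute_value(value):
    """Parse an attribute value into {application_id: [roles]}.

    Raises ValueError for a parsed object passed instead of a string,
    misspelt role names and comma-separated role lists.
    """
    if not isinstance(value, str):
        raise ValueError("value must be a JSON string, not a parsed object")
    try:
        parsed = json.loads(value)
    except json.JSONDecodeError as exc:
        raise ValueError(f"not valid JSON: {exc}") from exc
    if not isinstance(parsed, dict) or not parsed:
        raise ValueError("top level must be an object keyed by application id")
    result = {}
    for app_id, options in parsed.items():
        if not isinstance(options, dict) or not isinstance(options.get("roles"), str):
            raise ValueError(f"{app_id}: 'roles' must be a string")
        roles = options["roles"].split()
        if not roles or any(r not in KNOWN_ROLES for r in roles):
            raise ValueError(f"{app_id}: bad roles {options['roles']!r}")
        result[app_id] = roles
    return result


def grants_admin(value):
    """True when any application in the value carries PERMISSIONS_ADMIN."""
    return any("PERMISSIONS_ADMIN" in r for r in audit_attribute_value(value).values())
```

Running `grants_admin` over the values assigned to each user or group gives a quick list of who can configure the CPM instance, which is worth reviewing before enabling SSO.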