(350).png){kind=logo}
SSO: SAML 2.0
- 2 Minutes to read
- Print
- DarkLight
SSO: SAML 2.0
- 2 Minutes to read
- Print
- DarkLight
Article Summary
Share feedback
Thanks for sharing your feedback!
To set up SAML 2.0 with SmarterU, do the following from the External Authorization section of your account settings:
- Select Enable External Authorization.
- Expand the SAML 2.0 section and specify the SAML settings.
- Click Save.
SAML Settings
Login URL
This setting is only applicable if the Master Login Control and User Default Login settings are set to a value other than SmarterU. This is the URL that users will be redirected to when they click the Login button on the portal page.
Customize Login Button Text
This setting is only applicable if the Master Login Control setting is set to a value other than SmarterU. This is the label that displays on the login button.
Customize Portal Login Text
This setting is only applicable if the Master Login Control setting is set to Both or User-Specified. This is the label that displays on the portal's login button.
Enable SAML
Select to enable SAML.
IdP Metadata
This setting is only enabled if the Enable SAML setting is enabled.
Enter your IdP metadata. If you do not know your metadata or how to get it, we have several Identity Providers that you can use.
Identifier Attribute/Claim
This setting is only enabled if the Enable SAML setting is enabled.
Select the identifier/claim to use as a login credential.
Identifier Type
This setting is only enabled if the Enable SAML setting is enabled.
The identifier type tells SmarterU whether the Identifier Attribute/Claim represents the email, or the employee ID of a user in SmarterU.
Perform Single Logout on Session Timeout
This setting is only enabled if the Enable SAML setting is enabled and IdP Metadata has been provided.
Select to log users out from all applications where SSO was used when they log out of SmarterU, or their SmarterU session times out.
Enable Just-in-Time User Creation
Select to create a user account just before the user is logged into SmarterU. When a user attempts to connect to SmarterU, SmarterU uses the Identifier Attribute/Claim setting to determine if they exist in the system. If the user exists, they are logged in. If the user does not exist and the Enable Just-In-Time User Creation setting is enabled, SmarterU will create their user account prior to logging them in.
Enabling this setting allows you to set the user's given name, surname, and home group. All other updates to a user's profile will need to be done outside the just-in-time user creation feature.
Given Name Attribute/Claim
This setting is only enabled if the Enable Just-In-Time User Creation setting is enabled.
Select the field from the metadata that should be used for the user's given name.
Surname Attribute/Claim
This setting is only enabled if the Enable Just-In-Time User Creation setting is enabled.
Select the field from the metadata that should be used for the user's surname.
Alternate Email Attribute/Claim
This setting is only enabled if the Enable Just-In-Time User Creation setting is enabled and the Identifier Type is set to Employee ID.
Select the field from the metadata that should be used for the user's alternate email.
Home Group
This setting is only enabled if the Enable Just-In-Time User Creation setting is enabled.
Select the home group to which just-in-time users are added.
Tested Identity Providers
Was this article helpful?