SSO - SAML Settings

Configure SSO settings for SAML.

Configure SSO SAML Settings

Permissions

Furthermore, your user account or group membership must have the "Settings: Update Settings" permission to edit SSO SAML settings unless your user account has the Make this user a Super Admin setting selected.

See the Settings permissions or ask your Administrator for assistance.

Notice to Administrators

Enhance security for your ProcessMaker Platform instance by following these best practices. Among these best practices are to require all ProcessMaker users to log on to your ProcessMaker Platform instance via Single Sign-On (SSO), OAuth, OKTA and/or two-factor authentication.

The following information is required to configure SSO with SAML:

  • SSO endpoint

  • SSO identifier

  • SLO endpoint

  • Encryption type

  • Authentication context

  • Public certificate

  • Name ID format

To generate or locate this information, contact your SAML identity provider.

See an example in the following video showing how to configure SAML SSO settings.

  • Intended audience: System administrators and Process designers

  • Viewing time: 6 minutes; contains narration

  • Note: The video demonstrates the procedure to configure SAML SSO using obsolete settings. The written form of this procedure uses the current settings.

Configure the following SAML SSO settings as necessary:

  1. From the list of SSO identity providers, select the SAML option. The SSO - SAML tab displays.

  2. Enter the identity provider URL from which ProcessMaker retrieves the authentication response and validates it when establishing the SSO session. Your identity provider provides this URL.

  3. Enter the URL that references the SAML XML file for your identity provider (IdP). Your identity provider provides this URL.

  4. Enter the logout URL provided by your identity provider.

  5. From the list of encryption types, select the encryption type your identity provider uses.

  6. Use the Authentication Context toggle to indicate whether to send authentication context in the authorization request or not.

  7. Enter the identity provider's certificate fingerprint by pasting it into this setting. Your identity provider provides this certificate. Ensure to include the -----BEGIN CERTIFICATE----- header. ProcessMaker retrieves the authentication response and validates it using the identity provider's certificate fingerprint.

  8. Click the browse button and then select the file containing your SAML certificate, if one is available from your identity provider.

  9. Click the browse button and then select the file containing your SAML key, if one is available from your identity provider.

  10. Click the Add button. An empty row displays.

  11. In the ProcessMaker Property setting, enter the ProcessMaker user property to which to match the SSO SAML attribute.

  12. In the SAML Attribute setting field, enter the SSO SAML attribute from which to map to the ProcessMaker user property.

  13. Click Save. The following message displays: The setting was updated.

  14. Click the Add button. An empty row displays.

  15. In the ProcessMaker Property setting, enter the ProcessMaker user property to which to match the SSO SAML attribute.

  16. In the SAML Attribute setting, enter the SSO SAML attribute from which to map to the ProcessMaker user property.

  17. Click Save. The following message displays: The setting was updated.

  18. Enter the name identifier format supported by your SAML identity provider.

Last updated

© Copyright 2000-2024 ProcessMaker Inc. All rights reserved.