Organization Client Portal User Guide

Organization Client Portal User Guide / Settings / Single Sign-On (SSO) / SAML Settings

SAML Settings

This page shows the SAML authentication and provisioning settings that were configured for your organization.

Status

This section shows the status (Enabled or Disabled) of SAML authentication.

Click Edit to change the status. Disabling SAML authentication can prevent users from logging in. They will have to log in by other means, such as creating a password for their account. Disabling SAML will also prevent automated provisioning using SCIM.

Domain names

This section shows the domain name(s) used for SAML authentication.

Click Edit to add or remove a domain name. For a domain name to be used, it must be added to the Client Portal and validated (if needed, consult the procedure for registering a domain name).

Removing domain names may prevent some users from logging in.

Identity provider data

This section shows the information issued by the identity provider (Microsoft, Google, etc.).

Click Edit to make changes. You can upload an XML metadata file from your provider or enter the data manually. Read the procedures for configuring SAML with Entra ID or Google Cloud to learn how to find this information on each of these platforms.

Adjust signature verification settings based on the identity provider.

Attributes required to configure SAML authentication with your identity provider

For SAML authentication to work, make sure the following attributes correspond to the indicated specifications. If you use Entra ID, please refer to the section on configuring SAML with Entra ID; if you use Google Cloud, please refer to the section on configuring SAML with Google Cloud.

To set up authentication with another identity provider, use the following required attributes.

  • Alias: emailaddress
    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
    A non-null and non-empty string indicating the email address with which the user logs in to Druide’s services
  • Alias: givenname
    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname
    A non-null and non-empty string indicating the user’s last name
  • Alias: surname
    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname
    A non-null and non-empty string indicating the user’s first name

Name identifier format

The name identifier format expected in the response is persistent: urn:oasis:names:tc:SAML:2.0:nameid-format:persistent.

Data from Druide for your identity provider

This section shows the information you need to enter in the identity provider’s SAML configuration settings. You cannot make changes to these links; you may only copy them (by clicking the ). You can also download the XML metadata file to configure the settings automatically.

Read the procedure for configuring SAML with Entra ID or Google Cloud to see where to enter this information on each of these platforms.

Resource person

This section shows the contact information of your organization’s resource person for matters related to SAML authentication.

Click Edit to make changes. It is recommended you assign a resource person to receive technical details in case of login or configuration issues.

Antidote access

If your organization has one or more active subscriptions, this section shows how Antidote access is managed.

Click Edit to select one of these three options.

  • Manual management
    This option lets you grant access to Antidote independently of SAML authentication. You can grant users access manually from the Users tab in the Client Portal.

  • Impose access to Antidote upon login
    This option lets you automatically grant Antidote access to all users who log in with SAML authentication. If your organization has multiple subscriptions, specify which one should be used. For Antidote Pro, make sure to specify which application (Antidote 12, Antidote Web or both). If a user already has access to another subscription, their subscription will be changed the next time they log in.

  • Grant Antidote access to users who do not have access upon logging in
    This option lets you grant Antidote access to users who don’t already have it. For example, this option is useful if your organization already has a subscription and you want new users to have access to a different subscription than those who already have one.

Important — The Antidote access management settings configured for automated provisioning, if applicable, override the options described here (learn more).

No results