SAML
You set up SAML server authentication for the selected security policy in the SAML page.
Enabling this feature is optional.
SAML 2.0 is an XML standard that acts as an authentication interface between an SCC and an identity provider (IdP). You can use the IdP to provide additional requirements for authentication, such as multi-factor authentication methods like common access card (CAC) or personal identity verification (PIV). For more information, see Configuring SAML and Managing SAML.
Complete the configuration as described in this table.
| Control | Description |
| --- | --- |
| IdP Metadata | Paste the IdP metadata you copied or received from the IdP website. |
| Security Settings | Sign Authentication Request - Select this option to have SCC sign the SAML authentication request sent to the identity provider. Signing the initial login request sent by SCC allows the identity provider to verify that all login requests originate from a trusted service provider. |
| | Requires Signed Assertions - Select if SAML assertions must be signed. Some SAML configurations require signed assertions to improve security. |
| | Requires Encrypted Assertions - Select this option to indicate to the SAML identity provider that SCC requires encrypted SAML assertion responses. When this option is selected, the identity provider encrypts the assertion section of the SAML responses. Even though all SAML traffic to and from SCC is already encrypted by the use of HTTPS, this option adds another layer of encryption. |
| Attribute | User Name Attribute - Enter the name of the IdP variable that carries the username of the user. The user name attribute is mandatory and must be sent by your identity provider in the SAML response to align the login with a configured SteelHead account. Default value is samlNameId. |
| | Member of Attribute - Enter the name of the IdP variable that carries the role of the user. Default value is memberOf. |
| Enable SAML | Enable SAML Authentication - Select this option and click Apply. |
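
A structural pre-check of a decoded IdP response against the settings in this table, added here as an example and not taken from the product: it assumes the default names samlNameId and memberOf arrive as SAML Attribute Name values, and check_response and sample are hypothetical helpers. It only confirms that the expected elements are present and does not validate the signature cryptographically.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def check_response(xml_text, require_signed=True, require_encrypted=False,
                   user_attr="samlNameId", member_attr="memberOf"):
    """Return (findings, roles); an empty findings list means the structure fits."""
    root = ET.fromstring(xml_text)
    findings, roles = [], []
    plain = root.findall("saml:Assertion", NS)
    encrypted = root.findall("saml:EncryptedAssertion", NS)
    if not plain and not encrypted:
        findings.append("response carries no assertion")
    if require_encrypted and plain:
        findings.append("assertion sent in plaintext, encryption required")
    for a in plain:
        # The signature must be a direct child of the Assertion; a signature
        # on the outer Response alone does not make the assertion signed.
        if require_signed and a.find("ds:Signature", NS) is None:
            findings.append("assertion is not signed")
        attrs = {}
        for at in a.iterfind("saml:AttributeStatement/saml:Attribute", NS):
            attrs[at.get("Name")] = [v.text for v in at.findall("saml:AttributeValue", NS)]
        # Only the user name attribute is mandatory according to the table.
        if not attrs.get(user_attr):
            findings.append(f"mandatory attribute {user_attr!r} missing")
        roles += attrs.get(member_attr, [])
    return findings, roles

def sample(signed, attrs):
    """Constructed response skeleton; the Signature element is an empty stub."""
    sig = '<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>' if signed else ""
    body = "".join(f'<saml:Attribute Name="{n}"><saml:AttributeValue>{v}'
                   f'</saml:AttributeValue></saml:Attribute>' for n, v in attrs)
    return (f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}">'
            f'<saml:Assertion>{sig}<saml:AttributeStatement>{body}'
            f'</saml:AttributeStatement></saml:Assertion></samlp:Response>')

if __name__ == "__main__":
    good = sample(True, [("samlNameId", "jdoe"), ("memberOf", "admin")])
    bad = sample(False, [("uid", "jdoe")])  # unsigned, wrong attribute name
    print(check_response(good))
    print(check_response(bad))
```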