This topic provides the steps for configuring SAML SSO for dashboard authentication.

Prerequisites

• Provide your IDP team the SSO endpoint for your tenant in the following form: https://dashboard_url/tenant_id/saml/sso 
• After the configuration is complete, request that they provide the associated SAML metadata.

Steps

1. In the Machina Console, go to Settings > Identity Management.

   

2. In the Exclusive SAML SSO Dashboard Authentication section, select the Enable Exclusive SAML SSO Dashboard Authentication check box. If this setting is enabled, then tenant administrators will be required to login to the dashboard through SAML SSO. The ability to login through Machina' s email/ password combination will be removed.

   When SAML Single Sign On is not enabled, Tenant Administrators will not be allowed to enable Exclusive SAML This prevents Administrators f rom being locked out of the Admin Console with no ability to log in.

3. In the Ionic User Identity Field, select an option from the list.

   This field is used to identify a user when matching a SAML 2. 0 assertion or managing users via the SCIM API.

4. In the SAML 2.0 Assertion Identity Field, enter the name of the field.

   This field is used to identify a user when matching a SAML 2. 0 assertion  or managing users via the SCIM API.

5. In the SAML 2 . 0 Identify Provider Metadata XML section, edit the configuration information to match your Identity Provider configuration

   This configuration is used to set up SAML based authentication with an identity provider for Machina Console logins. The Metadata XML can be obtained from the Identity Provider and pasted directly into the console. If the Identity Provider endpoint is available, an option to use Enterprise Single Sign On displays when signing into the console.

6. Click Save.