This article covers using an external identity provider (IdP) with Finalsite, including how SAML authentication redirects users to your own login pages and the username matching requirement needed for setup.
💡Quick answers
- Can Finalsite integrate with our own identity provider? Yes; Finalsite supports SAML authentication so most common identity providers can be configured with Finalsite as a service provider.
- What does SAML authentication allow you to do? It lets you redirect users to your own IdP login pages and enforce your own authentication protocols, such as two-factor authentication and password requirements, per admin group or constituent role.
- What is required for SAML authentication to work reliably? The usernames in Finalsite must match a corresponding attribute on the identity provider side.
- Does Finalsite support single logout with SAML? Yes; SAML authentication supports service provider-initiated Single-Logout using the Redirect method.
If you prefer to manage access for constituents and/or admin users with your own identity provider (IdP), Finalsite offers a SAML authentication method that can be used for this purpose. Most common IdPs support configuring Finalsite as a service provider in this way.
Using a SAML authentication allows you to redirect users to your own login pages for your IdP, and also allows you to implement any authentication protocols you may enforce, including two-factor authentication and password requirements. This can be configured in Finalsite per admin group or per constituent role.
As a prerequisite for this integration, the usernames in Finalsite need to match an attribute on the IdP side to ensure the connection works reliably.
SAML Authentication also supports Single-Logout that is service provider-initiated and uses the Redirect method.
Comments
Please Sign in to leave a comment if you don't see the comment box below.