User Administration

SAML single sign-on

You can enable single sign-on (SSO) capability so that users can access their organization without the need to enter login information. You can use SSO for user authentication or for both authentication and authorization in an organization. You configure SSO capability for an organization on the SAML Setup page.

Single sign-on to Informatica Intelligent Cloud Services is based on the Security Assertion Markup Language (SAML) 2.0 web browser single sign-on profile. The SAML web browser single sign-on profile consists of the following entities:

Identity provider
An entity that manages authentication information and provides authentication services through the use of security tokens.

Service provider
An entity that provides web services to principals, for example, an entity that hosts web applications. Informatica Intelligent Cloud Services is a service provider.

Principal
An end user who interacts through an HTTP user agent.

SAML 2.0 is an XML-based protocol that uses security tokens that contain assertions to pass information about a principal between an identity provider and a service provider. An assertion is a package of information that supplies statements made by a SAML authority. You can find more information about SAML on the OASIS web site: https://www.oasis-open.org

The process that occurs when a user enters the Informatica Intelligent Cloud Services URL in a browser or launches Informatica Intelligent Cloud Services through a chicklet differs based on whether the organization uses SAML SSO for authentication only or for both authentication and authorization.

SAML single sign-on for authentication only

When a user signs on to Informatica Intelligent Cloud Services and the organization uses SAML SSO for user authentication only, the following process occurs:
  1. Informatica Intelligent Cloud Services sends a SAML authentication request to the organization's identity provider.
  2. The identity provider confirms the user's identity and sends a SAML authentication response to Informatica Intelligent Cloud Services. The authentication response includes a SAML token.
  3. When Informatica Intelligent Cloud Services receives the SAML authentication response from the identity provider, it completes the following tasks:
    • If the user exists, Informatica Intelligent Cloud Services establishes the user session and logs the user in.
    • If the user does not exist and auto-provisioning of users is enabled, Informatica Intelligent Cloud Services gets the user attributes from the SAML token, creates the user, and assigns the user the default role and the default group, if one is configured. Informatica Intelligent Cloud Services establishes the user session and logs the user in.
    • If the user does not exist and auto-provisioning of users is disabled, Informatica Intelligent Cloud Services fails the login.
  4. When a user logs out of Informatica Intelligent Cloud Services or the session times out, Informatica Intelligent Cloud Services sends a SAML logout request to the identity provider.
  5. The identity provider terminates the user session on the identity provider side.

SAML single sign-on for authentication and authorization

When a user signs on to Informatica Intelligent Cloud Services and the organization uses SAML SSO for authentication and authorization, the following process occurs:
  1. Informatica Intelligent Cloud Services sends a SAML authentication request to the organization's identity provider.
  2. The identity provider confirms the user's identity and sends a SAML authentication response to Informatica Intelligent Cloud Services. The authentication response includes a SAML token.
  3. When Informatica Intelligent Cloud Services receives the SAML authentication response from the identity provider, it completes the following tasks:
    • If the user exists, Informatica Intelligent Cloud Services gets the user roles, groups, and attributes from the SAML token. It finds the corresponding Informatica Intelligent Cloud Services user roles and groups, and updates the user roles, if necessary. Informatica Intelligent Cloud Services establishes the user session and logs the user in.
    • If the user does not exist and auto-provisioning of users is enabled, Informatica Intelligent Cloud Services gets the user roles, groups, and attributes from the SAML token and creates the user. Informatica Intelligent Cloud Services establishes the user session and logs the user in. If the token contains no SAML role or group information, Informatica Intelligent Cloud Services fails the login.
    • If the user does not exist and auto-provisioning of users is disabled, Informatica Intelligent Cloud Services fails the login.
  4. When a user logs out of Informatica Intelligent Cloud Services or the session times out, Informatica Intelligent Cloud Services sends a SAML logout request to the identity provider.
  5. The identity provider terminates the user session on the identity provider side.
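The two service-provider decision flows above (authentication only, and authentication plus authorization) as an added worked example in Python; this is not Informatica's code, the assertion is a constructed sample, and the attribute names "roles" and "groups" and the default-role placeholder are assumptions, not the product's actual attribute mapping.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample SAML 2.0 assertion (not a real IdP response). The attribute
# names "roles" and "groups" are assumptions for this example only.
ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject><saml:NameID>alice@example.com</saml:NameID></saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="roles"><saml:AttributeValue>Designer</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="groups"><saml:AttributeValue>ETL</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

def parse_assertion(xml_text):
    """Return (name_id, {attribute name: [values]}) from an assertion.
    Signature and audience/validity checks must run before this step; they are
    out of scope here so the provisioning logic stays visible."""
    root = ET.fromstring(xml_text)
    name_id = root.findtext("saml:Subject/saml:NameID", namespaces=NS)
    attrs = {}
    for attr in root.findall(".//saml:Attribute", NS):
        attrs[attr.get("Name")] = [v.text for v in attr.findall("saml:AttributeValue", NS)]
    return name_id, attrs

def process_login(users, name_id, attrs, *, authz, auto_provision,
                  default_role="default-role-placeholder", default_group=None):
    """Apply the page's rules. `users` maps name_id -> {"roles": [...], "groups": [...]}.
    authz=False is the authentication-only flow; authz=True also takes roles/groups
    from the token. Returns ("ok" | "fail", reason)."""
    roles, groups = attrs.get("roles", []), attrs.get("groups", [])
    if name_id in users:
        # Existing user: in the authorization flow, roles/groups follow the token.
        if authz and (roles or groups):
            users[name_id]["roles"], users[name_id]["groups"] = roles, groups
        return "ok", "existing user"
    if not auto_provision:
        return "fail", "user unknown and auto-provisioning disabled"
    if authz:
        if not roles and not groups:
            return "fail", "token carries no role or group information"
        users[name_id] = {"roles": roles, "groups": groups}
    else:
        # Authentication only: new user gets the default role and default group.
        users[name_id] = {"roles": [default_role],
                          "groups": [default_group] if default_group else []}
    return "ok", "user auto-provisioned"
```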
