Communities
A collaborative platform to connect and grow with like-minded Informaticans across the globe
Product Communities
Connect and collaborate with Informatica experts and champions
Discussions
Have a question? Start a Discussion and get immediate answers you are looking for
User Groups
Customer-organized groups that meet online and in-person. Join today to network, share ideas, and get tips on how to get the most out of Informatica
Get Started
Community Guidelines
Knowledge Center
Troubleshooting documents, product guides, how to videos, best practices, and more
Knowledge Base
One-stop self-service portal for solutions, FAQs, Whitepapers, How Tos, Videos, and more
Support TV
Video channel for step-by-step instructions to use our products, best practices, troubleshooting tips, and much more
Documentation
Information library of the latest product documents
Velocity (Best Practices)
Best practices and use cases from the Implementation team
Learn
Rich resources to help you leverage full capabilities of our products
Trainings
Role-based training programs for the best ROI
Certifications
Get certified on Informatica products. Free, Foundation, or Professional
Product Learning Paths
Free and unlimited modules based on your expertise level and journey
Resources
Library of content to help you leverage the best of Informatica products
Tech Tuesdays Webinars
Most popular webinars on product architecture, best practices, and more
Product Availability Matrix
Product Availability Matrix statements of Informatica products
SupportFlash
Monthly support newsletter
Support Documents
Informatica Support Guide and Statements, Quick Start Guides, and Cloud Product Description Schedule
Product Lifecycle
End of Life statements of Informatica products
Ideas
Events
Change Request Tracking
Marketplace
English
  • Reference 360 SaaS
  • All Products

Table of Contents

Search

  1. Preface
  2. Introducing Reference 360
  3. Getting started with Reference 360
  4. Manage system reference data
  5. Manage reference data sets
  6. Manage code lists
  7. Manage code values
  8. Manage crosswalks
  9. Import data
  10. Manage hierarchies
  11. Manage attributes
  12. Manage workflows
  13. Manage jobs
  14. Reference 360 REST API
  15. Glossary

Reference 360

Reference 360

Back Next

SAML single sign-on

SAML single sign-on

You can enable single sign-on (SSO) capability so that users can access their organization without the need to enter login information. You can use SSO for user authentication or for both authentication and authorization in an organization. You configure SSO capability for an organization on the
SAML Setup
 page.
Single sign-on to
Informatica Intelligent Cloud Services
 is based on the Security Assertion Markup Language (SAML) 2.0 web browser single sign-on profile. The SAML web browser single sign-on profile consists of the following entities:
Identity provider
An entity that manages authentication information and provides authentication services through the use of security tokens.
Service provider
An entity that provides web services to principals, for example, an entity that hosts web applications.
Informatica Intelligent Cloud Services
 is a service provider.
Principal
An end user who interacts through an HTTP user agent.
SAML 2.0 is an XML-based protocol that uses security tokens that contain assertions to pass information about a principal between an identity provider and a service provider. An assertion is a package of information that supplies statements made by a SAML authority. You can find more information about SAML on the Oasis web site: https://www.oasis-open.org
The process that occurs when a user enters the
Informatica Intelligent Cloud Services
 URL in a browser or launches
Informatica Intelligent Cloud Services
 through a chicklet differs based on whether the organization uses SAML SSO for authentication only or for both authentication and authorization.

SAML single sign-on for authentication only

When a user signs on to
Informatica Intelligent Cloud Services
 and the organization uses SAML SSO for user authentication only, the following process occurs:
  1. Informatica Intelligent Cloud Services
     sends a SAML authentication request to the organization's identity provider.
  2. The identity provider confirms the user's identity and sends a SAML authentication response to
    Informatica Intelligent Cloud Services
    . The authentication response includes a SAML token.
  3. When
    Informatica Intelligent Cloud Services
     receives the SAML authentication response from the identity provider, it completes the following tasks:
    • If the user exists,
      Informatica Intelligent Cloud Services
       establishes the user session and logs the user in.
    • If the user does not exist and auto-provisioning of users is enabled,
      Informatica Intelligent Cloud Services
       gets the user attributes from the SAML token, creates the user, and assigns the user the default role and the default group, if it is configured.
      Informatica Intelligent Cloud Services
       establishes the user session and logs the user in.
    • If the user does not exist and auto-provisioning of users is disabled,
      Informatica Intelligent Cloud Services
       fails the login.
  4. When a user logs out of
    Informatica Intelligent Cloud Services
     or the session times out,
    Informatica Intelligent Cloud Services
     sends a SAML logout request to the identity provider.
  5. The identity provider terminates the user session on the identity provider side.

SAML single sign-on for authentication and authorization

When a user signs on to
Informatica Intelligent Cloud Services
 and the organization uses SAML SSO for authentication and authorization, the following process occurs:
  1. Informatica Intelligent Cloud Services
     sends a SAML authentication request to the organization's identity provider.
  2. The identity provider confirms the user's identity and sends a SAML authentication response to
    Informatica Intelligent Cloud Services
    . The authentication response includes a SAML token.
  3. When
    Informatica Intelligent Cloud Services
     receives the SAML authentication response from the identity provider, it completes the following tasks:
    • If the user exists,
      Informatica Intelligent Cloud Services
       gets the user roles, groups, and attributes from the SAML token. It finds the corresponding
      Informatica Intelligent Cloud Services
       user roles and groups, and updates the user roles, if necessary.
      Informatica Intelligent Cloud Services
       establishes the user session and logs the user in.
    • If the user does not exist and auto-provisioning of users is enabled,
      Informatica Intelligent Cloud Services
       gets the user roles, groups, and attributes from the SAML token and creates the user.
      Informatica Intelligent Cloud Services
       establishes the user session and logs the user in. If the token contains no SAML role or group information,
      Informatica Intelligent Cloud Services
       fails the login.
    • If the user does not exist and auto-provisioning of users is disabled,
      Informatica Intelligent Cloud Services
       fails the login.
  4. When a user logs out of
    Informatica Intelligent Cloud Services
     or the session times out,
    Informatica Intelligent Cloud Services
     sends a SAML logout request to the identity provider.
  5. The identity provider terminates the user session on the identity provider side.
0 COMMENTS
We’d like to hear from you!