This article provides guidelines and instructions to configure your SSO provider (other than AD FS) as well as your Enterprise Account in order to enable the SSO functionality using SAML.
Supports & Requirements
Identity Provider (IdP)
That said, any other compatible IdP should also technically be supported (OneLogin, among others).
* For an integration with AD FS, see the dedicated article: Enabling SSO with Active Directory (AD FS) – Using SAML 2.0.
It is still necessary to create user accounts in your Enterprise Account once the SSO functionality is enabled.
For more information, see: User Accounts in SSO Context.
For all details about client integrations supported when configuring SSO with SAML 2.0, see: Supported Client Integrations & Restrictions.
Identity Provider (IdP) Configuration Guidelines
Consumer Service (ACS) URL:
https://login.[xmedius_domain]/auth/saml/callback
Note: Use the [xmedius_domain] that corresponds to the region of your enterprise account (i.e. xmedius.com for USA, xmedius.ca for Canada or xmedius.eu for Europe).
https://login.[xmedius_domain]/
Note: Use the same [xmedius_domain] as above, and do not forget the mandatory slash (/) at the end.
- The email address should be included in the NameID field of the Assertion Subject, as in the following example:

    <saml2:Subject>
      <saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">firstname.lastname@example.org</saml2:NameID>
      <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml2:SubjectConfirmationData InResponseTo="_74c1cb68-ccba-49fb-b9c8-a4e9d76d1a6d"
                                       NotOnOrAfter="2019-05-15T16:09:14.590Z"
                                       Recipient="https://login.xmedius.com/auth/saml/callback" />
      </saml2:SubjectConfirmation>
    </saml2:Subject>

- The Assertion should be signed
- The Response should be signed as well
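
To check an IdP's output against the guidelines above before enabling SSO, the following added example (not part of the original article, nor XMedius code) inspects a decoded SAML Response for the three requirements and for the Recipient value. The function names, the assumption of a single unencrypted Assertion and the sample documents are constructed for illustration; the check only confirms that Signature elements are present and does not verify them cryptographically.

```python
import re
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
ACS = "https://login.xmedius.com/auth/saml/callback"  # USA region, as in the article's sample

def check_response(xml_text, acs_url):
    """Return the list of guideline violations found in a decoded SAML Response."""
    problems = []
    # Constructed input here; use a hardened parser (e.g. defusedxml) for untrusted XML.
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Response" % NS["p"]:
        return ["root element is not a samlp:Response"]
    # Direct children only: an Assertion signature must not count as a Response signature.
    if root.find("ds:Signature", NS) is None:
        problems.append("Response is not signed")
    # Assumption of this sketch: exactly one plain (unencrypted) Assertion.
    assertions = root.findall("a:Assertion", NS)
    if len(assertions) != 1:
        return problems + ["expected exactly one Assertion, found %d" % len(assertions)]
    assertion = assertions[0]
    if assertion.find("ds:Signature", NS) is None:
        problems.append("Assertion is not signed")
    name_id = assertion.find("a:Subject/a:NameID", NS)
    value = (name_id.text or "").strip() if name_id is not None else ""
    if not re.fullmatch(r"[^@\s]+@[^@\s]+\.[^@\s]+", value):
        problems.append("NameID does not carry an email address")
    data = assertion.find("a:Subject/a:SubjectConfirmation/a:SubjectConfirmationData", NS)
    if data is None or data.get("Recipient") != acs_url:
        problems.append("Recipient does not match the ACS URL")
    return problems

def sample(sign_response, sign_assertion, name_id, recipient):
    """Constructed sample Response; the Signature elements are empty placeholders."""
    sig = '<ds:Signature xmlns:ds="%s"/>' % NS["ds"]
    return (
        '<samlp:Response xmlns:samlp="%s" xmlns:saml2="%s">' % (NS["p"], NS["a"])
        + (sig if sign_response else "")
        + "<saml2:Assertion>" + (sig if sign_assertion else "")
        + "<saml2:Subject><saml2:NameID>%s</saml2:NameID>" % name_id
        + '<saml2:SubjectConfirmation><saml2:SubjectConfirmationData Recipient="%s"/>' % recipient
        + "</saml2:SubjectConfirmation></saml2:Subject></saml2:Assertion></samlp:Response>"
    )

if __name__ == "__main__":
    print(check_response(sample(True, True, "firstname.lastname@example.org", ACS), ACS))
    print(check_response(sample(False, True, "jdoe", ACS + "/"), ACS))
```

A SAMLResponse value captured from the browser's POST to the ACS URL is base64-encoded and must be decoded before it is passed to `check_response`.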
Enterprise Account Configuration
- Log in to your XMedius Cloud account using a Web browser.
Important: Keep the fail-safe URL (https://login.[domain]/[account]/no-sso) provided at the bottom of the SSO configuration section. It will allow you to log in using your XMedius Cloud account credentials if you lock yourself out after SSO activation.
- From the main menu of your Web Portal, select .
- Go to the Single Sign-On section and select SAML 2.0.
- Provide the following required information:
- If needed, provide the following optional information: