Setting up a SAML Client

bhavik.patel@oneadvanced.com Updated by bhavik.patel@oneadvanced.com

Introduction

The SAML Client feature allows organisation to integrate with third-party applications using SAML (Security Assertion Markup Language) for secure single sign-on (SSO).

How can I access SAML client

The SAML Client module is only available under certain conditions:

  1. User Role: You must be logged in as a Customer Admin user within your organisation.
  2. License Requirement: The SAML Client module becomes visible only when your organization has been granted a license that includes SAML Client module.
  3. Navigation: Once licensed, you can find it by going to:
    Apps > Integration > SAML Client.

SAML Client List

Customer admins can navigate to SAML clients via Apps > Integration > SAML Clients

When you open the SAML Client section, you will see a list of existing SAML clients for your organisation.

The list view displays the following details:

  • Name – The display name of the SAML client.
  • Issuer – The unique identifier provided by the SAML service provider.
  • Status – Indicates whether the client is active or disabled.
  • Action – Options to edit, delete the client.

Creating a new SAML Client

To add a new SAML client, click on Add Client button. You will need to fill in the following fields:

Client Name

  • A friendly name for the client.

Issuer

  • A unique identifier (Entity ID) provided by the service provider.

Description (Optional)

  • Add notes to help identify the purpose of this SAML client.

Redirect URIs

  • The URL(s) where the user will be redirected after authentication.
  • You may add multiple URIs if service provider supports them.

Certificate (PEM Format)

  • The X.509 certificate from the service provider.

Service Provider Metadata URL

  • If available, enter the metadata URL provided by the service provider.

Enforce HTTP-POST Binding (Enable/Disable)

  • When enabled, responses must use HTTP-POST binding (recommended for security).

Name ID Format

  • Defines the format of the user identifier sent in the SAML response.
  • Common options:
    • Username (default)
    • Email Address
    • Persistent
    • Transient

Edit SAML Client

SAML clients can be updated using the Edit option available on the SAML Client List screen.

When you open the Edit SAML Client screen, you can:

  • Update any of the existing fields such as Client Name, Redirect URIs, Certificate, or Name ID Format.
  • Change the Enforce HTTP-POST Binding setting if required.
  • Update or replace the Service Provider Metadata URL if your service provider configuration has changed.

IDP Metadata URL

On the Edit SAML Client screen, you will also find the IDP Metadata URL.

  • This URL provides metadata about your organisation’s Identity Provider (IdP).

  • It can be copied and shared with your service provider to help them configure their end of the SAML integration.

Best Practices

  • Always verify details with your service provider before saving.
  • Ensure certificates are up-to-date to avoid login failures.
  • Use HTTP-POST binding for maximum compatibility and security.

How did we do?

Unlock user account

Contact