Enable your organization to use a Security Assertion Markup Language (SAML) identity provider, also called single sign-on, to import users and groups from a SAML identity provider and allow imported users to sign on to the organization with the credentials established in the SAML identity provider.
- email address = "EmailAddress"
- user name = "UserName"
- full name = "FullName"
- user's groups = "Groups"
- user's roles = "Roles"
You can configure the attributes in the Tenant Portal under the Attribute Mapping tab when you edit the SAML configuration.
Group information is necessary if the user is not directly imported but is expected to be able to log in by virtue of membership in imported groups. A user might belong to multiple groups, and can have multiple roles during a session.
If an imported user or group is assigned the Defer to Identity Provider role, the roles are assigned based on the information gathered from the Roles
attribute in the token. If a different attribute is used, this attribute name can be configured by using the API only, and only the Roles
attribute is configurable. If the Defer to Identity Provider role is used, but no role information can be extracted, the user can log in but does not have any rights to perform any activities.
Prerequisites
-
This operation requires the rights included in the predefined Organization Administrator role or an equivalent set of rights.
- Verify that you have access to an SAML 2.0 compliant identity provider.
- Verify that you receive the required metadata from your SAML identity provider. You must import the metadata to VMware Cloud Director either manually or as an XML file. The metadata must include the following information:
- The location of the single sign-on service
- The location of the single logout service
- The location of the service's X.509 certificate
For information on configuring and acquiring metadata from a SAML provider, see the documentation for your SAML identity provider.
Procedure
What to do next
- Configure your SAML provider with VMware Cloud Director metadata. See your SAML identity provider documentation and the VMware Cloud Director Installation, Configuration, and Upgrade Guide.
- Import users and groups from your SAML identity provider. See Managing Users, Groups and Roles.