Enable your organization to use a SAML identity provider, also called single sign-on, so that you can import users and groups from the identity provider and let imported users sign on to the organization with the credentials established there.
Prerequisites
- Verify that you are logged in as a system or organization administrator.
- Verify that you have access to an OpenAM or Active Directory Federation Services SAML identity provider.
- Verify that your system has updated JCE unlimited strength jurisdiction policy files. See Install Java Cryptography Extension Unlimited Strength Jurisdiction Policy Files.
- Create an XML file with the following metadata from your SAML identity provider.
  - The location of the single sign-on service
  - The location of the single logout service
  - The location of the service's X.509 certificate
Procedure
- Click Administration.
- In the left pane, select .
- Select Use SAML Identity Provider.
- Copy and paste the SAML provider metadata XML into the text box or click Browse to upload the metadata XML file.
- Click Apply.
What to do next
- Configure your SAML provider with vCloud Director metadata. See your SAML provider's documentation and the vCloud Director Installation and Upgrade Guide.
- Configure your SAML provider to provide tokens with the following attribute mappings.
  - email address = "EmailAddress"
  - user name = "UserName"
  - full name = "FullName"
  - user's groups = "Groups"
- Import users and groups from your SAML provider.