Map SAML Groups With Proficy Authentication

If you want SAML users to use Proficy Authentication, you must map the corresponding SAML groups with the Proficy Authentication group created during the Proficy product installation.

  1. Double-click the icon on your desktop.
    The icon appears on your desktop after you install Proficy Authentication.
  2. Select the Identity Providers tab.
    The Proficy Authentication/LDAP/SAML Connectivity Tool appears.
  3. Select the Map Existing SAML Groups check box.
  4. In the UAA Connection section, provide values as specified in the following table.
    Important: The values that you provide in this step must match the values that you provided while installing your Proficy product. These values are required to connect to Proficy Authentication. Proficy Authentication works only with a single instance of Proficy Authentication, which is specified during installation. After installation, you cannot change the instance of Proficy Authentication that Proficy Authentication will use.
    | Field | Description |
    | --- | --- |
    | URL | This information is read-only. The authorization server URL of the Proficy Authentication server is populated by default. This is the UAA Base URL that you specified during installation. |
    | Client ID | Enter the client ID of the Proficy Authentication server that you specified for Admin Client ID during installation. |
    | Client Secret | Enter the client secret configured for the OAuth client that you specified for Admin Client Secret during installation. |
  5. Select Test.
    If the connection to the Proficy Authentication server is established, a confirmation message appears.
  6. In the Existing SAML Identity Provider section, select the Identity Provider.
  7. Click Show IDP Details or Create New IDP, and provide values as specified in the following table.
    | Field | Description |
    | --- | --- |
    | Metadata Location | Specify the SAML metadata: either an XML string or a URL that delivers XML content. Optionally, you can select Instead Upload Metadata Xml to enter the metadata location using a file you downloaded from your SAML Identity Provider. |
    | Name | Specify the name of your SAML provider. |
    | Origin Key | Specify the unique alias for the SAML provider. |
    | SAML Group Attribute Names | Specify the names of the attributes that contain the group membership information about a user in a SAML assertion. |
    | NameID | Optionally, enter a SAML Name ID and associated fields that you want to use in a Link Test. |
    | Link Text | Specify the text you want to appear in a link test. |
    | Enable SAML Link | Select this check box to enable the SAML Link; clear it to disable the link. |
    Note: Using the same value for Name and Origin Key is recommended, but not mandatory.
  8. Select Add or Update to save your changes.
    Tip: To replace an existing IDP, click Delete IDP to remove it, and then create a new one using the Create New IDP button.
    The SAML Mapping screen appears.
  9. In the drop-down list box, select the Proficy Authentication group to which you want to map SAML groups.
  10. Enter a SAML Group and click Add Group. Repeat this step for each SAML group you want to add.
  11. When you have finished adding SAML groups, click Map Groups.
  12. Select Continue to complete the mapping.
    A message appears, confirming that the SAML groups are mapped to the Proficy Authentication group.
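
Before entering values for SAML Group Attribute Names (step 7) and the SAML groups (step 10), it helps to confirm what your Identity Provider actually sends. The following Python script is an added example, not part of Proficy Authentication or its documentation. It reads a captured SAML assertion, lists the values carried in the configured group attributes, and reports which of them are covered by the groups you plan to map. The assertion, attribute names and group names are constructed, and the exact, case-sensitive comparison is an assumption of this example.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion (unsigned, trimmed to the parts that matter here).
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed" Version="2.0">
  <saml:Subject><saml:NameID>operator1@example.com</saml:NameID></saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="email"><saml:AttributeValue>operator1@example.com</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="groups">
      <saml:AttributeValue>Plant-Operators</saml:AttributeValue>
      <saml:AttributeValue> Plant-Admins </saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="memberOf">
      <saml:AttributeValue>CN=Historian-Readers,OU=Groups,DC=example,DC=com</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

def groups_in_assertion(assertion_xml, group_attribute_names):
    """Return {attribute name: [values]} for the configured group attributes."""
    # Inspection only: no signature check; parse captures from your own IdP.
    root = ET.fromstring(assertion_xml)
    wanted = set(group_attribute_names)
    found = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        name = attr.get("Name")
        if name in wanted:
            values = [(v.text or "").strip() for v in attr.iterfind("saml:AttributeValue", NS)]
            found.setdefault(name, []).extend(v for v in values if v)
    return found

def check_mapping(assertion_xml, group_attribute_names, mapped_saml_groups):
    """Split the assertion's groups into matched and unmapped, and list
    configured attribute names that the assertion does not contain."""
    found = groups_in_assertion(assertion_xml, group_attribute_names)
    sent = {g for values in found.values() for g in values}
    return {
        "matched": sorted(sent & set(mapped_saml_groups)),    # exact comparison (assumption)
        "unmapped": sorted(sent - set(mapped_saml_groups)),
        "missing_attributes": sorted(set(group_attribute_names) - set(found)),
    }

if __name__ == "__main__":
    print(check_mapping(SAMPLE_ASSERTION, ["groups", "roles"], ["Plant-Admins", "plant-operators"]))
```

An entry under `unmapped` is a group the Identity Provider sends that no mapped SAML group covers, and an entry under `missing_attributes` is a configured attribute name that the assertion never carried.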