Web Community Manager allows for Security Assertion Markup Language (SAML) integration with Active Directory Federation Services (ADFS) 2.0-5.0 or with Microsoft Azure serving as the identity provider.
* Support must turn on the configuration options for SAML on your Site Manager. Talk to your Client Success Manager if you don't have SAML and want to learn how to get it.
About SAML
Security Assertion Markup Language (SAML) is an internet standard that allows service providers, like WCM, to trust identity providers, like ADFS, so that when the identity provider asserts a user's identity, the service provider accepts that as true.
In other words, when the identity provider tells the site "This is Joe, let him in", the site lets Joe in with all the access that he normally has by logging in to the site directly.
Special considerations
If you've deployed SAML integration before, there are a few special considerations that may differ from your previous experience.
- No Metadata. This implementation uses neither Identity Provider Metadata nor Service Provider Metadata.
- Certificate. In the past, Support provided a certificate for clients to use. As of April 2023, this is no longer the case; you will rely on your own certificate.
* The following information assumes that your ADFS or Azure server is ready for use and is fully maintained, monitored, and secured to the standards set by your network policies. For specific questions on the deployment, security, or maintenance of your ADFS or Azure service, please consult your software vendor.
Before you get started
- Add SAML to your account. Contact your account team to check if SAML is part of your WCM package.
- Verify your ADFS or Azure service is fully deployed according to your network policies. For specific questions on deployment, please contact your software vendor.
- Enable SAML within WCM. Enable SAML by navigating to Site Manager > Configure > System Settings > Integration Tab. If you can't enable SAML, reach out to WCM support.
- Verify your WCM site is deployed on your permanent live domain. SAML references the domain name for sending assertions, so don't change domain names after deploying SAML.