Create a group for SAML sign in users
Each time users sign in using SAML authentication, they are made a member of a group. Create a group to assign these users to.
* You can only use one group for SAML integration.
- From Site Manager select USERS & GROUPS.
- Select Groups.
- Select New Group.
- Type a Group Name.
- Optionally, type a Group Code.
- Optionally, select the group category from the Category menu.
- Select Save.
Add SAML integration settings
After configuring your ADFS and getting Finalsite to turn on SAML for your website, you can set up SAML in Site Manager. In the past, Finalsite support provided a certificate for clients to use. As of April 2023, this is no longer the case; you rely on your own certificate. To proceed:
- Extract the public key from your certificate (see View instructions).
- Choose one of the service providers (SAML or ADFS). We don't support any other identity providers.
After completing the above steps, begin the SAML setup in your account.
- In Site Manager, go to Configure > System Settings, then select the Integration tab.
- Navigate to the Sign-in Providers section, then select SAML.
- Enter your Authentication URL. This is the URL of the ADFS or Azure service you direct your users to.
- Enter the public key. The public key is a long block of Base64 text taken from your certificate. See View instructions to extract the public key.
- Select Validate Key.
- Add and validate a new public key before the current one expires. SAML sign-in stops working once the public key's validity period ends, so a new public key is essential to keep the service running.
- Enter the Sign In Header Text and Sign In Button Text.
- Select Group Assign. Assign all SAML-authenticated users automatically to one WCM group, then Save.
- Sign out of your account and sign in using SAML.
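To prepare the key for the steps above and to act on the expiry caveat, here is an added shell example (not Finalsite's or ADFS's own tooling) that extracts the public key from a PEM certificate, checks that it parses the way Validate Key does, and reports when the certificate is close to expiry. It assumes the openssl CLI is installed; the certificate it creates is a constructed self-signed one with a placeholder name, used only for demonstration.

```shell
#!/bin/sh
# Added example (not Finalsite's or ADFS's own code): prepare the public key
# for the Site Manager SAML form and check how long the signing certificate
# stays valid. Assumes a PEM-encoded certificate and the openssl CLI.
set -e

# Print the public key extracted from an X.509 certificate, PEM-encoded.
extract_public_key() {
    openssl x509 -in "$1" -noout -pubkey
}

# Same key as a single Base64 line (BEGIN/END lines stripped), for forms
# that want the raw key material rather than the PEM block.
public_key_base64() {
    extract_public_key "$1" | grep -v -- '-----' | tr -d '\n'
}

# Local equivalent of "Validate Key": succeed only if the text on stdin
# parses as a public key.
validate_public_key() {
    openssl pkey -pubin -noout >/dev/null 2>&1
}

# Exit 0 if the certificate expires within $2 days, 1 if it stays valid.
# Use this to schedule adding a new key before SAML sign-in stops working.
expires_within_days() {
    ! openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null
}

# Constructed test certificate (self-signed; CN is a placeholder) so the
# functions above can be exercised offline. Prints the certificate path.
make_test_cert() {
    dir=$(mktemp -d)
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$dir/key.pem" \
        -out "$dir/cert.pem" -days "$2" -subj "/CN=$1" >/dev/null 2>&1
    echo "$dir/cert.pem"
}

cert=$(make_test_cert adfs.example.invalid 30)
extract_public_key "$cert"
if extract_public_key "$cert" | validate_public_key; then
    echo "public key validates"
fi
if expires_within_days "$cert" 60; then
    echo "certificate expires within 60 days: add and validate a new key now"
fi
```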
METADATA URL
Our deployment of SAML for your WCM does not use metadata, however, the instructions we provide for you below contain all the relevant information that would be conveyed via metadata.
CLAIM RULES
- Right click on the Relying Party Trust you created.
- Select Edit Claim Rules or Add Rule.
- Select Send LDAP Attributes as Claims.
- Claim Rule Name: Enter an identifiable name consistent with your naming conventions.
- Attribute Store: Select Active Directory.
- Map SAM-Account-Name to Outgoing Name ID.
- Map E-Mail-Addresses to Outgoing E-Mail Address.
- Map Given-Name to Outgoing Given Name.
- Map Surname to Outgoing Surname.