SAML

Glia supports clients using Single Sign-On via Security Assertion Markup Language (SAML 2.0). SAML is an XML-based, open-standard data format that allows parties to securely exchange user authentication and authorization data. SAML-based Single Sign-On (SSO) gives clients full control over the authorization and authentication of user accounts that can access the web-based Glia Hub. In this model, Glia acts as a service provider while Glia's clients act as identity providers that control usernames, passwords and other information used during the identification, authentication and authorization process of users by Glia web applications. In addition, all logs remain with the identity provider (Glia’s client) for audit purposes.

Glia supports two SAML SSO flows: Identity Provider (IdP) initiated SSO (Unsolicited Web SSO) and Service Provider (SP) initiated SSO. In IdP initiated SSO, a user is logged on to the IdP and attempts to access a resource (Glia) on a remote SP server. The SAML assertion is transported to the Service Provider (Glia) via HTTP POST.

The SAML parameters can be configured programmatically or by requesting help from your Success Manager.

POST Create SAML

Action: POST /saml

This creates a SAML provider that can be associated with a site. The user needs the super_manager role to add a SAML provider to the site.

| Parameters | Type | Required | Description |
|---|---|---|---|
| idp_metadata_url | string | Yes | A URL to the SAML provider endpoint that returns the provider's configuration data. |
| site_id | string | Yes | The ID of the site that the SAML configuration will be associated with. |
| name_identifier_format | string | Yes | The name of the attribute within a SAML response where the operator's email is placed. |
| subdomain | string | Yes | The subdomain that will be used by operators to access the Glia Hub. E.g. if the subdomain is set to client_name then the operators will access Glia via client_name.app.glia.com. |
| auth_context | string | No | The authentication context of the SAML. |
| idp_name_attribute | string | No | The name of the attribute within a SAML response where the operator's name is placed. |
| idp_email_attribute | string | No | The name of the attribute within a SAML response where the operator's email is placed. |

Afterwards, the information about the new SAML provider can be fetched at the URL subdomain.app.glia.com/saml/metadata, where subdomain is the value of the subdomain parameter sent with the POST request.

PUT Update SAML

Action: PUT /saml/{saml_id}

Updates the configuration of the specified SAML provider. The user needs the super_manager role to update the SAML provider.

| Parameters | Type | Required | Description |
|---|---|---|---|
| saml_id | string | Yes | The ID of the SAML provider to be updated. |
| site_id | string | Yes | The ID of the site that the SAML will be assigned to. |
| idp_metadata_url | string | Yes | A URL to the SAML provider endpoint that returns the provider's configuration data. |
| site_id | string | Yes | The ID of the site that the SAML configuration will be associated with. |
| name_identifier_format | string | Yes | The name of the attribute within a SAML response where the operator's email is placed. |
| subdomain | string | Yes | The subdomain that will be used by operators to access the Glia Hub. E.g. if the subdomain is set to client_name then the operators will access Glia via client_name.app.glia.com. |
| auth_context | string | No | The authentication context of the SAML. |
| idp_name_attribute | string | No | The name of the attribute within a SAML response where the operator's name is placed. |
| idp_email_attribute | string | No | The name of the attribute within a SAML response where the operator's email is placed. |

Call Your Customer Success Manager

When you configure the SAML provider through your Customer Success Manager, the following parameters will be requested:

| Parameters | Type | Required | Description |
|---|---|---|---|
| certificate fingerprint | string | Yes | The certificate fingerprint used for authentication purposes between the IdP and the SP. |
| name_identifier_format | string | Yes | The name of the attribute within a SAML response where the operator's email is placed. |
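
Before handing over a certificate fingerprint, it is worth checking that it belongs to a signing certificate the IdP actually publishes in the metadata behind idp_metadata_url. The following is an added example, not Glia's code: the metadata document, the idp.example.com entity ID and the placeholder certificate bytes are constructed, and SHA-256 is an assumption because the page does not say which digest the fingerprint uses.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"md": MD, "ds": DS}

# Constructed sample: placeholder bytes stand in for real X.509 DER, and the
# base64 is wrapped over lines as real metadata does. Hashing is the same.
SIGNING_DER = b"constructed-signing-cert-placeholder"
ENCRYPTION_DER = b"constructed-encryption-cert-placeholder"

def _key_descriptor(use, der):
    b64 = base64.b64encode(der).decode()
    return (f'<md:KeyDescriptor use="{use}"><ds:KeyInfo><ds:X509Data>'
            f"<ds:X509Certificate>\n{b64[:20]}\n{b64[20:]}\n</ds:X509Certificate>"
            "</ds:X509Data></ds:KeyInfo></md:KeyDescriptor>")

SAMPLE_METADATA = (
    f'<md:EntityDescriptor xmlns:md="{MD}" xmlns:ds="{DS}" '
    'entityID="https://idp.example.com/metadata"><md:IDPSSODescriptor '
    'protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">'
    + _key_descriptor("signing", SIGNING_DER)
    + _key_descriptor("encryption", ENCRYPTION_DER)
    + "</md:IDPSSODescriptor></md:EntityDescriptor>")

def signing_certs(metadata_xml):
    """Return the DER bytes of every IdP certificate usable for signing."""
    root = ET.fromstring(metadata_xml)  # use defusedxml for untrusted input
    certs = []
    for kd in root.iterfind(".//md:IDPSSODescriptor/md:KeyDescriptor", NS):
        # "use" is optional; when absent the key serves signing as well.
        if kd.get("use", "signing") != "signing":
            continue
        for node in kd.iterfind(".//ds:X509Certificate", NS):
            certs.append(base64.b64decode("".join((node.text or "").split())))
    return certs

def fingerprint(der, algorithm="sha256"):
    """Colon-separated upper-case hex digest of the DER bytes."""
    return ":".join(f"{b:02X}" for b in hashlib.new(algorithm, der).digest())

def fingerprint_matches(expected, metadata_xml, algorithm="sha256"):
    """True if `expected` is the fingerprint of a signing cert in the metadata."""
    def norm(s):
        return s.replace(":", "").replace(" ", "").lower()
    found = {norm(fingerprint(c, algorithm)) for c in signing_certs(metadata_xml)}
    return norm(expected) in found
```

A mismatch means the fingerprint on file is stale or refers to a different key (for example the encryption certificate), which shows up as failed logins after an IdP certificate rotation.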