SAML
Glia supports clients using Single Sign-On via Security Assertion Markup Language (SAML 2.0). SAML is an XML-based, open-standard data format that allows parties to securely exchange user authentication and authorization data. SAML-Based Single Sign-On (SSO) allows clients to have full control over the authorization and authentication of user accounts that can access to the web-based Glia Hub. In this model, Glia acts as a service provider while Glia's clients act as identity providers that control usernames, passwords and other information used during the identification, authentication and authorization process of users by Glia web applications. In addition, all logs remain with the identity provider (Glia’s client) for audit purposes.
Glia supports two ways of SSO by means of SAML: Identity Provider (IdP) Initiated SSO (Unsolicited Web SSO) and Service Provider (SP) initiated SSO. In an IdP Initiated SSO a user is logged on to the IdP and attempts to access a resource (Glia) on a remote SP server. The SAML assertion is transported to the Service Provider (Glia) via HTTP POST.
The SAML parameters can be configured programmatically or by requesting help from your Success Manager.
Action: POST /saml
This creates a SAML provider that can be associated with a site. User needs to have the super_manager role to be able to add SAML provider to the site.
Parameters | Type | Required | Description |
|
| Yes | A URL to the SAML provider endpoint that returns the provider's configuration data. |
|
| Yes | The ID of the site that the SAML configuration will be associated with. |
|
| Yes | The name of the attribute within a SAML response where the operator's email is placed. |
|
| Yes | The subdomain that will be used by operators to access the Glia Hub. E.g. if the subdomain is set to |
|
| No | The authentication context of the SAML. |
|
| No | The name of the attribute within a SAML response where the operator's name is placed. |
|
| No | The name of the attribute within a SAML response where the operator's email is placed. |
Later the information of the new SAML provider can be fetched at the URL subdomain.app.glia.com/saml/metadata. Where the subdomain is the value of the parameter subdomain sent along with the POST request.
Action: PUT /saml/{saml_id}
Updates the configuration of the specified SAML provider. User needs to have the super_manager role to be able to update the SAML provider.
Parameters | Type | Required | Description |
|
| Yes | The ID of the SAML provider to be updated. |
|
| Yes | The ID of the site that the SAML will be assigned to. |
|
| Yes | A URL to the SAML provider endpoint that returns the provider's configuration data. |
|
| Yes | The ID of the site that the SAML configuration will be associated with. |
|
| Yes | The name of the attribute within a SAML response where the operator's email is placed. |
|
| Yes | The subdomain that will be used by operators to access the Glia Hub. E.g. if the subdomain is set to |
|
| No | The authentication context of the SAML. |
|
| No | The name of the attribute within a SAML response where the operator's name is placed. |
|
| No | The name of the attribute within a SAML response where the operator's email is placed. |
While configuring the SAML provider via the Customer Success Manager the following parameters will be requested:
Parameters | Type | Required | Description |
|
| Yes | The certificate fingerprint used for authentication purposes between the IDP and the SP. |
|
| Yes | The name of the attribute within a SAML response where the operator's email is placed. |
