Configuring SAML for Igloo

REQUIRED ACCOUNT/PERMISSION LEVEL

Bitium: All account levels; must be an admin to set up

Igloo: All account levels

In Bitium:

  1. Go to “Manage Apps.”

  2. Select “Igloo” from the list of installed apps.

  3. Select the “Single Sign-On” tab.

  4. From the dropdown, select “SAML Authentication.”

    Select SAML Authentication

Leave your Bitium window open and continue in a new tab.

In Igloo:

  1. Log in to your Control Panel and navigate to Membership > Sign In Settings.

    Access Sign In Settings

  2. Click “Configure SAML Authentication.”

  3. In the “Connection Name” field, enter a name for this integration (for example, ‘Bitium SAML’).

  4. Copy the Login URL from Bitium. Paste it in the “IDP Login” field in Igloo.

  5. Leave the IdP Logout Field blank.

  6. Confirm that the Logout Response and Request HTTP Type radio button is set to Redirect.

  7. Leave the “Logout Final Redirect URL” field blank as well.

  8. Confirm that the “Binding Type” radio button is set to POST.

  9. Copy the X.509 Certificate from Bitium. Paste this into the Public Certificate field in Igloo.

    Copy and Paste X.509 Certificate

  10. From the “Identity Provider” dropdown menu in Igloo, select the option “Other.”

  11. Confirm that the “Identifier Type” dropdown is set to “Email Address.”

  12. Confirm that the “Identifier Path” field input is /samlp:Response/saml:Assertion/saml:Subject/saml:NameID (It should be set to this and the following values by default.)

  13. Confirm that the Session Index Path is /samlp:Response/saml:Assertion/saml:AuthnStatement.

  14. Confirm that the Email Path is /samlp:Response/saml:Assertion/saml:AttributeStatement/saml:Attribute[@Name="Email"]/saml:AttributeValue.

  15. Confirm that the First Name Path is /samlp:Response/saml:Assertion/saml:AttributeStatement/saml:Attribute[@Name="FName"]/saml:AttributeValue.

  16. Confirm that the Last Name Path is /samlp:Response/saml:Assertion/saml:AttributeStatement/saml:Attribute[@Name="LName"]/saml:AttributeValue.

  17. Leave the Drift time as 5 seconds (or less if you’d prefer a login attempt to time out sooner in the case of failure).

    Completed Settings

  18. For the User creation on Sign in radio buttons, choose the option you prefer. If you choose the radio button to create new users, JIT provisioning will be enabled. Once the user is assigned the app in Bitium, they will be able to log in, and a user account in Igloo will be created for them if one does not already exist.

  19. For the Sign in Settings, choose which option you would prefer.

    • By choosing Redirect all users to IdP, clicking on the app in Bitium will take you straight into Igloo, without hitting the login page at all. We recommend this as a smoother user experience when using Bitium. You will remain logged into Igloo as long as you’re logged into Bitium.
    • By choosing Use SAML button on “Sign in” screen, clicking on the app in Bitium will take you to the login page, upon which there will be a SAML button. Clicking this button will log you in. However, when logged into Igloo, you can log out at any time, which will return you to the login screen.

In Bitium:

Go back to the Single Sign-On tab for Igloo and click the “Save Changes” button.

Bitium does not support full IdP Logout at this time. If you would like to request this feature, please contact support@bitium.com.
SAML Enabled will be illuminated in green once completed.