Configuring SAML for Igloo
REQUIRED ACCOUNT/PERMISSION LEVEL
Bitium: All account levels; must be an admin to set up
Igloo: All account levels
Go to “Manage Apps.”
Select “Igloo” from the list of installed apps.
Select the “Single Sign-On” tab.
From the dropdown, select “SAML Authentication.”
Leave your Bitium window open and continue in a new tab.
Log in to your Igloo Control Panel and navigate to Membership > Sign In Settings.
Click “Configure SAML Authentication.”
In the “Connection Name” field, enter a name for this integration (for example, “Bitium SAML”).
Copy the Login URL from Bitium. Paste it in the “IDP Login” field in Igloo.
Leave the IdP Logout Field blank.
Confirm that the Logout Response and Request HTTP Type radio button is set to Redirect.
Leave the “Logout Final Redirect URL” field blank as well.
Confirm that the “Binding Type” radio button is set to POST.
Copy the X.509 Certificate from Bitium. Paste this into the Public Certificate field in Igloo.
From the “Identity Provider” dropdown menu in Igloo, select the option “Other.”
Confirm that the “Identifier Type” dropdown is set to “Email Address.”
Confirm that the “Identifier Path” field input is /samlp:Response/saml:Assertion/saml:Subject/saml:NameID (It should be set to this and the following values by default.)
Confirm that the Session Index Path is /samlp:Response/saml:Assertion/saml:AuthnStatement.
Confirm that the Email Path is /samlp:Response/saml:Assertion/saml:AttributeStatement/saml:Attribute[@Name="Email"]/saml:AttributeValue.
Confirm that the First Name Path is /samlp:Response/saml:Assertion/saml:AttributeStatement/saml:Attribute[@Name="FName"]/saml:AttributeValue.
Confirm that the Last Name Path is /samlp:Response/saml:Assertion/saml:AttributeStatement/saml:Attribute[@Name="LName"]/saml:AttributeValue.
Leave the Drift time as 5 seconds (or less if you’d prefer a login attempt to time out sooner in the case of failure).
For the User creation on Sign in radio buttons, choose the option you prefer. If you choose the radio button to create new users, JIT provisioning will be enabled: once the user is assigned the app in Bitium, they will be able to log in, and a user account in Igloo will be created for them if one does not already exist.
For the Sign in Settings, choose which option you would prefer.
- By choosing Redirect all users to IdP, clicking on the app in Bitium will take you straight into Igloo, without hitting the login page at all. We recommend this as a smoother user experience when using Bitium. You will remain logged into Igloo as long as you’re logged into Bitium.
- By choosing Use SAML button on “Sign in” screen, clicking on the app in Bitium will take you to the login page, where there will be a SAML button. Clicking this button will log you in. However, when logged into Igloo, you can log out at any time, which will return you to the login screen.
Go back to the Single Sign-On tab for Igloo and click the “Save Changes” button.
Bitium does not support full IdP Logout at this time. If you would like to request this feature, please contact email@example.com.
SAML Enabled will be illuminated in green once completed.
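To confirm that a response from the IdP actually carries the fields the Identifier, Session Index, Email, First Name and Last Name paths point at, the paths can be evaluated against a captured response. The following is an added example, not Bitium or Igloo code: the sample response is constructed, and reading the SessionIndex attribute of AuthnStatement is an assumption about what the service provider uses. It checks attribute mapping only and does not validate the signature.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
BASE = "/samlp:Response/saml:Assertion/"
ATTR = BASE + 'saml:AttributeStatement/saml:Attribute[@Name="%s"]/saml:AttributeValue'
PATHS = {  # paths as listed in the configuration steps above
    "Identifier": BASE + "saml:Subject/saml:NameID",
    "Session Index": BASE + "saml:AuthnStatement",
    "Email": ATTR % "Email",
    "First Name": ATTR % "FName",
    "Last Name": ATTR % "LName",
}

# Constructed sample response (unsigned, values invented for this example).
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion>
  <saml:Subject><saml:NameID>jane@example.com</saml:NameID></saml:Subject>
  <saml:AuthnStatement SessionIndex="_constructed-session-1"/>
  <saml:AttributeStatement>
    <saml:Attribute Name="Email"><saml:AttributeValue>jane@example.com</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="FName"><saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="LName"><saml:AttributeValue>Doe</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion></samlp:Response>"""


def resolve(root, path):
    """ElementTree takes only relative paths, so match the root step by hand."""
    first, _, rest = path.lstrip("/").partition("/")
    prefix, _, local = first.partition(":")
    node = root.find(rest, NS) if root.tag == "{%s}%s" % (NS[prefix], local) else None
    if node is None:
        return None
    # Assumption: for AuthnStatement the value of interest is its SessionIndex attribute.
    return (node.text or "").strip() or node.get("SessionIndex", "")


def check_response(xml_text):
    """Return (values, missing): value per field, and fields whose path matched nothing."""
    root = ET.fromstring(xml_text)
    values = {name: resolve(root, path) for name, path in PATHS.items()}
    missing = [name for name, value in values.items() if not value]
    return values, missing


if __name__ == "__main__":
    for name, value in check_response(SAMPLE)[0].items():
        print(f"{name:14} {value or 'NOT FOUND'}")
```

Attribute names in the predicates are matched case-sensitively, so a response that sends `FirstName` or `email` instead of `FName` or `Email` shows up in `missing`.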