This document provides information about the Providers report screen, which displays information about SAML providers.
Path to access
- On the Segura® Platform, in the navigation bar, hover over the Products menu and select Settings.
- In the side menu, select Authentication > SAML > Providers.
Actions menu
| Item | Type | Description |
|---|---|---|
| Add | Button | Directs to the SAML provider registration screen. |
| Actions | Dropdown menu | Displays the options Print report, Export CSV, and Schedule report. |
Search fields
To view all search fields, click More.
| Item | Type | Description |
|---|---|---|
| ID | Text field | Filters by the SAML provider identification code within the Segura® Platform. |
| Type | Dropdown menu | Filters by the type of SAML provider. The options are: Azure, KeyCloak, Okta, and SAML provider. |
| Entity ID | Text field | Filters by the ClientID or EntityID of the SAML application. |
| SAML provider metadata URL | Text field | Filters by the server metadata URL. |
| Status | Dropdown menu | Filters by the SAML provider activation state in the Segura® Platform. The options are: Enabled and Disabled. |
| Environment | Dropdown menu | Filters by the environment of the SAML provider. The options are: Local and Domum Remote Access. |
Report fields
- ID.
- Type.
- Entity ID.
- SAML provider metadata URL.
- Enabled.
- Environment.
- Actions:
  - Edit provider: opens the SAML provider registration screen.
  - Disable provider: disables the SAML provider.
By default, the report displays 30 records per screen. To go to the next screen, click the forward buttons at the bottom of the report.
SAML provider registration screen
| Item | Type | Required | Description |
|---|---|---|---|
| Type * | Dropdown menu | Yes | Selects the SAML provider type. |
| Enable * | Radio button | Yes | Defines the provider activation state. The options are: Yes and No. |
| Environment * | Radio button | Yes | Defines the environment to which the SAML provider will be linked. The options are: Local and Domum Remote Access. |
| Provider name | Text field | No | Defines the provider name that will be displayed on the login screen button. |
| Icon | Upload field | No | Defines the provider icon that will be displayed on the login screen button. |
| Entity ID * | Text field | Yes | Defines the ClientID or EntityID. |
| SAML provider metadata URL * | Text field | Yes | Defines the application or realm metadata URL. |
| Domain or public IP for URL redirection * | Text field | Yes | Defines the Segura® Platform domain or public IP. |
| Redirect URL * | Text field | Yes | Defines the redirect URL. |
| Comments | Text field | No | Enters comments related to the SAML provider. |
| SSO Login URL (Sign-in URL) * | Text field | Yes | Defines the HTTP-Redirect binding URL for login. |
| SSO Logout URL (Sign-out URL) | Text field | No | Defines the HTTP-Redirect binding URL for logout. |
| Redirect binding type | Dropdown menu | No | Selects the type of Redirect Binding for the SAML provider. |
| SAML SSO force auth * | Radio button | Yes | Defines whether the ForceAuthn attribute will be included in the SAML requests sent to the Identity Provider (IdP). The options are: Yes and No. |
| Send AuthnContext in SAML request * | Radio button | Yes | Defines whether the RequestedAuthnContext element will be included in the AuthnRequest sent to the identity provider. When disabled, the IdP determines the authentication method based on its own policies. The default value is Yes. |
| Accepted authentication methods | Multi-select | No | Defines the authentication methods requested from the identity provider. This field is displayed only when Send AuthnContext in SAML request is enabled. The options are: Password, Certificate (X509), and Unspecified. When multiple methods are selected, the Comparison attribute is set to minimum. |
| Certificate (PEM format) * | Text field | Yes | Enters the content of the SAML certificate. |
The Send AuthnContext in SAML request configuration is independent per provider. Different providers can have distinct configurations, and each AuthnRequest generated reflects exclusively the configuration of its respective provider.
The RequestedAuthnContext configuration is independent of the Force IdP Authentication (ForceAuthn) configuration. Both fields coexist in the form and operate independently.
All SAML provider configurations must be compatible with those configured in the Identity Provider (IdP) to ensure proper authentication. Divergences may result in authentication failures. The exception is the Send AuthnContext in SAML request field: when disabled, the IdP determines the authentication method based on its own policies, which is the expected behavior for environments with passwordless or MFA app authentication.
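To confirm what a provider configuration actually sends to the IdP, the login redirect can be decoded and checked for ForceAuthn and RequestedAuthnContext. The following is an added example, not Segura® code: the URLs, the `sample_url` helper, and the mapping of the form options to SAML class URIs are assumptions, and the sample request is constructed.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode, urlparse

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Assumed mapping of the form's "Password" and "Certificate (X509)" options.
PASSWORD = "urn:oasis:names:tc:SAML:2.0:ac:classes:Password"
X509 = "urn:oasis:names:tc:SAML:2.0:ac:classes:X509"

def inspect_redirect(url):
    """Decode SAMLRequest from an HTTP-Redirect login URL and report its auth settings."""
    param = parse_qs(urlparse(url).query)["SAMLRequest"][0]
    xml = zlib.decompress(base64.b64decode(param), -15)  # binding uses raw DEFLATE
    if b"<!DOCTYPE" in xml:  # refuse DTDs before handing the bytes to the parser
        raise ValueError("DOCTYPE not allowed in an AuthnRequest")
    root = ET.fromstring(xml)
    rac = root.find("samlp:RequestedAuthnContext", NS)
    refs = [] if rac is None else rac.findall("saml:AuthnContextClassRef", NS)
    return {
        "entity_id": root.findtext("saml:Issuer", namespaces=NS),
        "force_authn": root.get("ForceAuthn") in ("true", "1"),
        "sends_authn_context": rac is not None,
        # SAML 2.0 treats a missing Comparison attribute as "exact".
        "comparison": None if rac is None else rac.get("Comparison", "exact"),
        "methods": [r.text for r in refs],
    }

def sample_url(force_authn, methods):
    """Constructed sample: a redirect URL shaped like one a service provider emits."""
    rac = ""
    if methods:
        cmp_attr = ' Comparison="minimum"' if len(methods) > 1 else ""
        refs = "".join(f"<saml:AuthnContextClassRef>{m}</saml:AuthnContextClassRef>" for m in methods)
        rac = f"<samlp:RequestedAuthnContext{cmp_attr}>{refs}</samlp:RequestedAuthnContext>"
    force = ' ForceAuthn="true"' if force_authn else ""
    xml = (f'<samlp:AuthnRequest xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}"'
           f' ID="_constructed1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z"{force}>'
           f"<saml:Issuer>https://sp.example.test/entity</saml:Issuer>{rac}"
           "</samlp:AuthnRequest>")
    comp = zlib.compressobj(wbits=-15)
    deflated = comp.compress(xml.encode()) + comp.flush()
    query = urlencode({"SAMLRequest": base64.b64encode(deflated).decode()})
    return "https://idp.example.test/sso?" + query

if __name__ == "__main__":
    print(inspect_redirect(sample_url(True, [PASSWORD, X509])))
```

Comparing the reported `methods` and `comparison` with the IdP's policy shows whether a login failure comes from the requested authentication context rather than from the certificate or entity ID.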