Using SAML Authentication

 

Clearvale supports SAML (Security Assertion Markup Language) single sign-on. To use SAML single sign-on for your network, it must first be enabled for your account and network within the Clearvale Management Center. The network administrator can then configure SAML authentication for a particular network on the Admin>Authentication>SAML page.

SAML allows network members to sign in to the network with their SAML identity. Your network can be configured to allow only SAML IDs or to support both SAML and Clearvale IDs.

When you enable SAML, the login page to your network provides a link to enter the SAML ID. Depending on how you configured SAML authentication, you may also see the traditional Clearvale login and password fields.

Clearvale supports SAML 1.1 and 2.0.

To configure SAML 2.0 authentication for your network:

  1. Go to Admin>Authentication>SAML.
  2. Set SAML Version to 2.0.
  3. Set the SAML settings as follows:
    • SAML SSO Integration. Set to Enabled to use SAML authentication.
    • SAML SSO Mode. Choose one of the following:
      • Select Compatibility to allow for SAML or Clearvale authentication. If you select this option, the Clearvale login page appears and includes a link for SAML authentication as well as Clearvale authentication.
      • Select Exclusive to require SAML authentication. If you select this option, you will only see the SAML authentication link.
    • SAML IDP. Enter the URL for your SAML identity provider.
    • SAML SSO End Point Address. Enter the URL for the SAML end point address.
    • SAML Logout Address. Enter the URL for the SAML logout address.
    • SAML Public Key Certificate. Select the file that contains your certificate.
  4. Click Save.

To display IDP configuration settings for your network, click Show the IDP configuration information. The following values for your network are displayed:

  • URL
  • Assertion Consumer Service URL
  • Single Logout Service URL

To configure SAML 1.1 authentication for your network:

  1. Go to Admin>Authentication>SAML.
  2. Set SAML Version to 1.1.
  3. Set the SAML settings as follows:
    • SAML SSO Integration. Set to Enabled to use SAML authentication.
    • SAML SSO Mode. Choose one of the following:
      • Select Compatibility to allow for SAML or Clearvale authentication. If you select this option, the Clearvale login page appears and includes a link for SAML authentication as well as Clearvale authentication.
      • Select Exclusive to require SAML authentication. If you select this option, you will only see the SAML authentication link.
    • SAML 1.1 IDP Host. Enter the URL for your SAML identity provider.
    • SAML 1.1 Login Address. Enter the URL for the SAML login address.
    • SAML 1.1 Logout Address. Enter the URL for the SAML logout address.
    • SAML 1.1 Public Key Certificate. Select the file that contains your certificate.
  4. Click Save.
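
A pre-flight check for the values entered in step 3 of either procedure, as an added example that is not part of Clearvale or its documentation: it flags URL settings that are not HTTPS and compares the certificate file's SHA-256 fingerprint with the one your identity provider publishes. It assumes the certificate file is the PEM-encoded certificate of your identity provider; the function names, URLs and certificate bytes below are constructed for illustration.

```python
import base64
import hashlib
import ssl
from urllib.parse import urlsplit

def check_url(label, url):
    """Return a list of problems found in one URL setting."""
    problems = []
    parts = urlsplit(url.strip())
    if parts.scheme != "https":
        problems.append(f"{label}: expected an https URL, got {url!r}")
    if not parts.hostname:
        problems.append(f"{label}: no host name in {url!r}")
    if parts.username or parts.password:
        problems.append(f"{label}: URL must not embed credentials")
    return problems

def cert_fingerprint(pem_text):
    """SHA-256 fingerprint (hex) of the DER bytes inside a PEM certificate."""
    der = ssl.PEM_cert_to_DER_cert(pem_text.strip())
    if not der.startswith(b"\x30"):  # an X.509 certificate is an ASN.1 SEQUENCE
        raise ValueError("file does not contain a DER-encoded certificate")
    return hashlib.sha256(der).hexdigest()

def preflight(urls, cert_pem, expected_fp):
    """Check the URL settings, then the certificate against the IdP's fingerprint."""
    problems = []
    for label, url in urls.items():
        problems += check_url(label, url)
    try:
        actual = cert_fingerprint(cert_pem)
    except ValueError as exc:
        problems.append(f"SAML Public Key Certificate: {exc}")
    else:
        # Accept "AB:CD:..." or "abcd..." as the published fingerprint format.
        if actual != expected_fp.replace(":", "").strip().lower():
            problems.append("SAML Public Key Certificate: fingerprint mismatch")
    return problems

# Constructed sample input: placeholder bytes, not a real certificate.
SAMPLE_DER = b"\x30\x82\x01\x0a" + bytes(range(32))
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER).decode()
              + "-----END CERTIFICATE-----\n")
SAMPLE_URLS = {  # constructed values for the three URL fields
    "SAML IDP": "https://idp.example.com/saml",
    "SAML SSO End Point Address": "https://idp.example.com/saml/sso",
    "SAML Logout Address": "http://idp.example.com/saml/logout",
}

if __name__ == "__main__":
    fp = hashlib.sha256(SAMPLE_DER).hexdigest()
    print("\n".join(preflight(SAMPLE_URLS, SAMPLE_PEM, fp)))
```

For SAML 1.1, pass the SAML 1.1 IDP Host, Login Address and Logout Address values under their own labels.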

Notes:

  • SAML authentication is not supported with the Clearvale APIs.
  • SAML authentication cannot be used with an ecosystem of networks.
  • When signing in with SAML credentials, you cannot change your password within Clearvale. You must change your password within SAML.
  • When SAML SSO Mode is set to Exclusive, network administrators cannot configure member invitation preferences for the network (on the Admin>Network Administration page), and neither you nor network members can invite people to join your network from within Clearvale. Instead, all new members must be handled within SAML.