Single Sign-on (SSO)
The settings on this page are related to set up Single Sign-on (SSO) on TigerGraph. This page does not appear on the Admin Portal for TigerGraph Cloud solutions because of the unified User Authentication system present in TigerGraph Cloud.
Service provider information
When you configure SSO on TigerGraph with a trusted identity provider, TigerGraph is the service provider.
X509 certificate and private key
In SAML 2.0, you have the option of signing the SAML requests made to the identity provider. To sign a request, TigerGraph uses the X509 certificate and private key provided here.
There are two ways of providing the X509 certificate and private key:
-
Upload files.
-
Click the file upload button next to the input box, and a drop-down menu for uploading files will appear. Click the upload file option to upload the desired file.
-
-
Generate a self-signed certificate.
-
Click the file upload button next to the input box, and a drop-down for uploading files will appear. Click the Self sign button. There will be a pop-up box to fill in the information. Items marked with * are required.
-
Identity provider information
These fields provide information on your identity provider. You should be able to obtain the correct values for these fields from your identity provider.
-
Entity ID
-
SSO URL
-
X509 certificate
Security options
At the bottom of the SSO page are a list of security options you can configure for SSO:
-
Sign authentication requests before sending to Identity Provider
-
Require Identity Provider to sign responses
-
Require Identity Provider to sign assertions
-
Require Identity Provider to sign metadata
-
-
An attribute that defines how a user should log in.
-
Example value:
urn:oasis:names:tc:SAML:2.0:ac:classes:Password
-
It is recommended that you enable as many of the options as possible for maximum security. However, some identity providers do not support enabling certain options at the same time. Refer to your identity provider’s documentation to determine which options to use: