SAML service provider reference

Provide information about the Service Provider (SP).

Enable SAML for all Cleo Portal users
Select this check box to authenticate all Cleo Portal users through the IDP using the SAML protocol. If you select only this option, your SAML login page is displayed when users invoke Cleo Portal.
Important: Before you select this check box, make sure you have imported your IDP information and your IDP has your SP information.
Allow local login for Cleo Portal users
Select this check box to allow Cleo Portal users to log in using their local credentials. If you select only this option, the Cleo Portal login page is displayed when users invoke Cleo Portal.
Note: Selecting both Enable SAML for all Cleo Portal users and Allow local login for Cleo Portal users enables mixed mode authentication, where Cleo Portal users can log in with either SAML or local credentials. The Cleo Portal login page displays the Use Company Login check box. Clicking Log In with this check box enabled redirects the user to the SAML login page. Otherwise, users can log in using local login credentials.
Entity ID
Specify the value to be used as the Issuer in the Authn request. This value must be unique and it should conform to the URI pattern.
This value is used to publicly identify your deployment throughout your configuration and all of the other deployments that it interoperates with. This means that updating this value could affect many different systems and could take a long time to propagate. It is recommended that you not use a physical hostname, as such a value could change if you update your physical configuration. Instead, consider using a value that describes the service itself, as such a value could remain intact even through changes in physical configuration. One recommendation is to use your Assertion Consumer Service Endpoint value, as long as the domain is fully qualified.
Assertion Consumer Service Endpoint (HTTP-POST)
The URL to which the IDP posts assertions to your Cleo Harmony system.
http://<domain>:<port>/<portal-resource>
The value you should use for <portal-resource> is the same one you configure for the Local Listener Web Browser Service. See Local Listener Web Browser Service.
Single Logout Service Endpoint (HTTP – Redirect)
The URL on your Cleo Harmony system to which the IDP sends logout requests.
http://<domain>:port</signout>
This field is populated automatically based on the value provided in the Assertion Consumer Service Endpoint field and is read-only.
Enable Single Logout
Select this check box to enable single logout processing and populate the Single Logout Service Endpoint (HTTP – Redirect) field.

Signing & Encryption

Provide information to support signing authentication requests and encrypting assertions.

Sign Authentication Requests
Select this check box to sign Authn Requests sent to the IDP. Selecting it enables the fields where you specify the signing certificate and password.
Signing Certificate
Password
Algorithm
Alias, password and algorithm for the certificate to use to sign authentication requests. You can specify a certificate or browse for and select one.
SHA-1 and SHA-256 algorithms are supported.
Encryption Assertion
Encryption Certificate
Password
Optional - Certificate alias and password the IDP will use for encryption. You can specify a certificate or browse for and select one.
Select Use same as Signing Certificate to use the signing certificate for encryption.
Sign MetaData
Enables the fields where you select a certificate to use to sign SP metadata XML files generated during export.
Metadata Signing Certificate
Password
Certificate alias and password to use for signing SP metadata XML files generated during export. You can specify a certificate or browse for and select one.
Select Use same as Signing Certificate to use the signing certificate to sign metadata.
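The settings in the two sections above end up in the SP metadata XML generated during export, so the export can be checked before it is given to the IDP. The following Python check is an added example, not part of the Cleo product or its documentation. It assumes the export is standard SAML 2.0 metadata, and its HTTPS and SHA-1 findings are this example's own policy choices, not requirements stated on this page. The sample document is constructed.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample metadata (hostnames, ports, paths and values are made up).
SAMPLE = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="http://portal.example.com:5080/portal">
  <ds:Signature><ds:SignedInfo>
    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
  </ds:SignedInfo></ds:Signature>
  <md:SPSSODescriptor AuthnRequestsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleLogoutService Location="http://portal.example.com:5080/signout"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
    <md:AssertionConsumerService index="0" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="http://portal.example.com:5080/portal"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

def audit_sp_metadata(xml_text):
    """Return finding codes for one SP metadata document (assumed local policy)."""
    root = ET.fromstring(xml_text)
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        return ["no-sp-descriptor"]
    findings = []
    if not urlparse(root.get("entityID", "")).scheme:
        findings.append("entity-id-not-uri")          # Entity ID should be a URI
    acs = [e for e in sp.findall("md:AssertionConsumerService", NS)
           if e.get("Binding") == POST]
    if not acs:
        findings.append("no-http-post-acs")
    endpoints = acs + sp.findall("md:SingleLogoutService", NS)
    if any(urlparse(e.get("Location", "")).scheme != "https" for e in endpoints):
        findings.append("endpoint-not-https")         # traffic would cross plain HTTP
    if sp.get("AuthnRequestsSigned") not in ("true", "1"):
        findings.append("authn-requests-unsigned")    # Sign Authentication Requests is off
    uses = {k.get("use") for k in sp.findall("md:KeyDescriptor", NS)}
    if not uses & {"encryption", None}:               # no "use" means signing and encryption
        findings.append("no-encryption-cert")
    method = root.find("ds:Signature/ds:SignedInfo/ds:SignatureMethod", NS)
    if method is None:
        findings.append("metadata-unsigned")          # Sign MetaData is off
    elif method.get("Algorithm", "").lower().endswith("sha1"):
        findings.append("metadata-signed-sha1")
    return findings
```

Calling audit_sp_metadata on the text of an exported file returns an empty list when none of these conditions apply.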

Organization and Contacts

Name
Display Name
Website
Information about the SP organization.
Technical - Name and Email
Support - Name and Email
Information about people at the SP who are available to be contacted.