Skip to main content

Documentation Portal

SAML/SSO

TrendMiner supports the integration of SAML 2.0-based identity providers to set up login and access permissions for users, leveraging your existing infrastructure for scalable administration. Note that although any identity provider adhering to the SAML 2.0 standard should technically work, the following identity providers have been tested and are fully supported by TrendMiner:

If your identity provider does not appear on this list, please reach out to your TrendMiner contact. Further analysis and custom work could be needed to integrate with your identity provider.

Warnung

Setting up SAML integration with TrendMiner will require input from different domain experts, typically including IT administrators to provide XML metadata files, configure an application in the identity provider, provide certificates, etc.

This documentation is set up to make this process as seamless as possible but is not meant as exhaustive documentation of the SAML protocol itself and/or specific configuration options on the identity provider side. TrendMiner cannot configure SAML for you.

Terminology

A Service Provider (SP) is the entity (in this case, TrendMiner) providing the service, typically in the form of an application.

An Identity Provider (IdP) is the entity (e.g. Azure AD or Okta) providing the identities, including the ability to authenticate a user. The Identity Provider typically also contains the user profile: additional information about the user such as first name, last name, job code, phone number, address, and so on. Depending on the application, some service providers may require a very simple profile (username, email), while others may require a richer set of user data (job code, department, address, location, manager, and so on).

A SAML Request, also known as an authentication request, is generated by the Service Provider to "request" an authentication.

A SAML Response is generated by the Identity Provider. It contains the actual assertion of the authenticated user. In addition, a SAML Response may contain additional information, such as user profile information and group/role information, depending on what the Service Provider can support.

General steps to configure SAML integration

  1. In the first step, a new application needs to be created and configured in the Identity Provider portal

  2. The second step includes the configuration in ConfigHub, using the output of Step 1

  3. Finally, the information generated in Step 2 is to be imported into the Identity Provider portal to finalize the configuration

In diesem Abschnitt: