Configure SSO SAML

CLOUD ONLY: Updated for 10.10

Configure SSO SAML allows the tenant admin to configure their SAML provider settings.

  1. Enter the following information:

    • SSO Name - This is a unique identifier used when you log in to your tenant. The SSO name should be short, cannot contain spaces, and should be something that your users will remember. It cannot be changed once it has been created.

      For example, ACME Corporation might choose acmecorp.

    • SAML Group Attribute Name - To sync your directory groups with SysTrack permission groups, enter the name of the attribute that carries the group claims in your SAML response.

      WARNING: You should not complete this value if you are not configuring access to the tenant using group sync from your IdP. Leave this blank if you are going to manually invite SAML users.

      NOTE: A SAML group attribute name may look like the following example from Entra ID: http://schemas.microsoft.com/ws/2008/06/identity/claims/groups

    • SSO Login URL - This is your identity provider's SSO Login URL. It is provided to you by the identity provider and is unique to your company.

    • Identity Provider Entity ID - This is your identity provider or service provider's globally unique name.

    • Upload Certificate - Your identity provider will give you the certificate that you need to upload. An X.509 certificate contains an identity and a public key. A certificate with at least 256-bit encryption is required. The certificate must be in .pem, .cer or .crt format.

  2. Click Upload Certificate.

  3. Click Save Configuration to save the changes.

SysTrack SAML Configuration

This is the basic information required for your IdP configuration.

Entity ID: https://lakesidesoftware.com/sp

Callback URL: https://[DOMAIN].lakesidesoftware.com/Saml2/Acs

NOTE: You should replace [DOMAIN] with the relevant cloud domain for your tenant. For example: cloud.lakesidesoftware.com. It is case sensitive.

Callback URL is often referred to as an ACS URL.

Sign On URL: https://[DOMAIN].lakesidesoftware.com/Cloud/sso

Name ID Format

Name ID should be set to persistent.

The IdP must send the email address of the user as the unique identifier. It should be contained within:

  • The attribute: emails

    or

  • Full schema: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress

Optional Settings

The following information may also be required:

AuthRequestsSigned = FALSE

WantAssertionsSigned = TRUE

Binding = HTTP-POST

Authentication Initiation = SP (not IDP)
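
A pre-flight check of an IdP assertion against the settings listed on this page, as an added example (not Lakeside's code). The function name check_assertion, the sample assertion, and the ACS value with [DOMAIN] set to "cloud" are assumptions; the check is structural only and does not verify the signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
EMAIL_ATTRS = ("emails", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress")
SP_ENTITY_ID = "https://lakesidesoftware.com/sp"  # Entity ID from this page

def check_assertion(xml_text, acs_url, group_attr=None):
    """Return the list of mismatches with the page's settings ([] = OK).
    Structural check only: the signature is NOT cryptographically verified."""
    root = ET.fromstring(xml_text)
    a = root if root.tag.endswith("}Assertion") else root.find(".//saml:Assertion", NS)
    if a is None:
        return ["no saml:Assertion element found"]
    problems = []
    if a.find("ds:Signature", NS) is None:  # WantAssertionsSigned = TRUE
        problems.append("assertion is not signed")
    name_id = a.find("saml:Subject/saml:NameID", NS)
    if name_id is None or name_id.get("Format") != PERSISTENT:
        problems.append("NameID Format is not persistent")
    conf = a.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if conf is None or conf.get("Recipient") != acs_url:  # case-sensitive
        problems.append("Recipient does not match the Callback (ACS) URL")
    if SP_ENTITY_ID not in [e.text for e in a.findall(".//saml:Audience", NS)]:
        problems.append("Audience does not contain the SP Entity ID")
    attrs = {}
    for at in a.findall("saml:AttributeStatement/saml:Attribute", NS):
        attrs[at.get("Name")] = [v.text for v in at.findall("saml:AttributeValue", NS)]
    if not any(attrs.get(n) and "@" in (attrs[n][0] or "") for n in EMAIL_ATTRS):
        problems.append("no email address in 'emails' or the emailaddress claim")
    if group_attr and not attrs.get(group_attr):  # only when group sync is used
        problems.append("group attribute missing or empty")
    return problems

# Constructed sample (not from a real IdP); the signature element is an empty stub
# and the ACS value assumes [DOMAIN] = "cloud". Substitute your tenant's values.
ACS = "https://cloud.lakesidesoftware.com/Saml2/Acs"
SAMPLE = f"""<saml:Assertion xmlns:saml="{NS['saml']}" xmlns:ds="{NS['ds']}">
<ds:Signature/>
<saml:Subject><saml:NameID Format="{PERSISTENT}">u-1029</saml:NameID>
<saml:SubjectConfirmation><saml:SubjectConfirmationData Recipient="{ACS}"/>
</saml:SubjectConfirmation></saml:Subject>
<saml:Conditions><saml:AudienceRestriction><saml:Audience>{SP_ENTITY_ID}</saml:Audience>
</saml:AudienceRestriction></saml:Conditions>
<saml:AttributeStatement><saml:Attribute Name="emails">
<saml:AttributeValue>alice@acmecorp.example</saml:AttributeValue></saml:Attribute>
</saml:AttributeStatement></saml:Assertion>"""
print(check_assertion(SAMPLE, ACS))
```

Pass the SAML Group Attribute Name as group_attr only when group sync is configured; leave it unset for manually invited users.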