Manteinance tasks when using SAML 2.0 authentication protocol

<< Click to Display Table of Contents >>

Navigation:  Manage platform users and authentication > Manage identity providers for Enterprise subscriptions > Maintenance Tasks >

Manteinance tasks when using SAML 2.0 authentication protocol

Overview

Single Sign-On (SSO) setup requires some elements that demand some maintenance tasks, so you keep on going your system. When you are using SAML 2.0 authentication protocol, you must be aware of certificates expiration. Depending on the application you are integrating with an IdP using SAML 2.0, you must perform one of the maintenance tasks described below.

 

Authentication maintenance tasks for the Customer Portal and cloud-based portals

When configuring the Customer Portal and cloud-based portals to integrate with any IdP using SAML 2.0, the IdPs use a P12/PFX certificate for assertion signature. This certificate has an expiration date and its your responsibility to keep track of it. For example, if you are using Azure AD as your IdP, you can verify the certificate's expiration date in the Azure AD portal.

 

SAML_SSOMaintenance_01

 

Before the certificate expiration, you must generate a new one (using OpenSSL or another SDK for this purpose) and upload it to the Customer Portal. To do so, go to the Customer Portal's settings and, in the Security options, select Authentication Protocols. Then, look for the authenticator that is using SAML 2.0 as the authentication protocol, and upload the certificate in the Signature Certificate option of the authenticator's Signing Certificate section.

 

SAML_SSOMaintenance_02

 

Once you have done this, you must download Bizagi's metadata from Accounts using the following URL:

https://accounts-[company].bizagi.com/saml2/metadata

 

note_pin

If you have multiple authenticators, make sure you know which one is applicable.

 

With the metadata already downloaded, go into the corresponding IdP application (the one targeting https://accounts-[company].bizagi.com) and upload it to conclude the maintenance task. For example, if you are using Azure AD as your IdP, you can upload the metadata file in the Azure AD portal.

 

SAML_SSOMaintenance_03

 

Authentication maintenance tasks for the Work Portal

When configuring the Work Portal to integrate Azure AD using SAML 2.0, Azure uses a P12/PFX certificate for assertion signature. As mentioned before, this certificate has an expiration date and its your responsibility to keep track of it.

 

SAML_SSOMaintenance_01

 

Before the certificate expiration, you must generate a new one (using OpenSSL or another SDK for this purpose) and upload it in Bizagi's authentication configuration (either Bizagi Studio or the Management Console).

 

SAML_SSOMaintenance_04

 

SAML_SSOMaintenance_05

 

note_pin

In the management console, before modifying the authentication configurations, it is necessary to set the environment status as Maintenance from the maintenance window.

After doing the desired modifications, remember to restart the environment to reflect the changes.

 

Once you have done this, you must download Bizagi's metadata using the following URL:

https://[environment]-[project]-[company].bizagi.com/saml2/metadata.xml?mode=attachment

 

With the metadata already downloaded, go to the Azure AD portal and upload it to conclude the maintenance task.

 

SAML_SSOMaintenance_03


Last Updated 8/1/2023 3:02:33 PM