The Security Assertion Markup Language (SAML) is a data format for authentication and authorization. One of the key benefits of SAML is that it enables single sign-on (SSO), and thereby minimizes the number of times a user has to log on to cloud applications and websites.
Three entities are involved in the authentication process:
- the user
- the identity provider (IdP)
- the service provider (SP)
The identity provider is used for authentication. When the identity provider has asserted the user identity, the service provider can give the user access to their services. Because the IdP has enabled SSO, the user can access several service provider sites and applications without having to log in at each site. In the authentication process, Qlik Sense plays the role of a service provider. When a user logs in to Qlik Sense, the login is transferred to the identity provider that handles the actual SSO authentication.
The service provider (Qlik Sense) needs configuration information from an identity provider. This information is available as an IdP metadata file that users can download and deliver to the service provider for easy configuration. The IdP metadata is uploaded from the QMC. Not all IdPs support download of metadata files. If download is not supported, the metadata file can be created manually.

Qlik Sense, as a service provider, provides the identity provider with SP metadata, which is downloaded from the QMC. The metadata includes the following information:
- Assertion consumer service (ACS) URL
- Entity ID
- Security certificate
HTH - Andy
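
Added example (not part of the original post and not Qlik code): a small Python check that reads an SP metadata file and pulls out the three items listed above, so they can be reviewed before the file is handed to the IdP. The hostname, entity ID, ACS path and certificate bytes are constructed placeholders.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed placeholder bytes standing in for a DER-encoded certificate.
FAKE_DER = b"constructed placeholder, not a real X.509 certificate"

# Constructed sample SP metadata; every value in it is made up.
SAMPLE_SP_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}"
    xmlns:ds="{NS['ds']}" entityID="https://sense.example.com/sp">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{base64.b64encode(FAKE_DER).decode()}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:AssertionConsumerService index="0" Location="https://sense.example.com/saml/acs"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

def parse_sp_metadata(xml_text):
    """Return entity ID, ACS URLs and SHA-256 certificate fingerprints."""
    # For metadata from an untrusted source, parse with defusedxml instead.
    root = ET.fromstring(xml_text)
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        raise ValueError("no SPSSODescriptor element: this is not SP metadata")
    acs = [e.get("Location", "")
           for e in sp.findall("md:AssertionConsumerService", NS)]
    cert_path = "md:KeyDescriptor/ds:KeyInfo/ds:X509Data/ds:X509Certificate"
    prints = []
    for node in sp.findall(cert_path, NS):
        der = base64.b64decode("".join((node.text or "").split()))
        prints.append(hashlib.sha256(der).hexdigest())
    return {"entity_id": root.get("entityID"), "acs_urls": acs,
            "cert_sha256": prints}

def review(meta):
    """List problems to resolve before giving the metadata to the IdP."""
    findings = []
    if not meta["entity_id"]:
        findings.append("missing entityID")
    if not meta["acs_urls"]:
        findings.append("no assertion consumer service URL")
    findings += [f"ACS URL is not HTTPS: {u}" for u in meta["acs_urls"]
                 if not u.startswith("https://")]
    if not meta["cert_sha256"]:
        findings.append("no security certificate")
    return findings
```

Comparing the printed fingerprint with the certificate actually installed on the service provider confirms that the file given to the IdP is the one that was downloaded.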