Parsec for Teams provides a generic authentication provider for SAML based authentication, which allows owners of a team on Parsec to manually configure any SAML-enabled Identity Provider (IDP) system.

Parsec supports Service Provider initiated SSO (Single Sign-On) and the Identity Provider initiated SLO (Single Logout). Parsec does not support Identity Provider initiated SSO.

SAML alias, enforcement and session settings

- SAML-enabled users cannot change their password, use their old Parsec password, or set up MFA within Parsec. The Identity Provider will handle these operations instead.
- Administrators can choose an alias for their team's SAML authentication in the Teams admin portal, to be used instead of your Team ID in order to login. Each member of your team will need to know this alias to log in via SAML.
- Once a user sets up SAML login, they will need to use SAML as long as they're a member of your team.
- Default settings force users to re-authenticate every 8 hours on their client devices. However, active users automatically refresh their session based on activity. Team administrators can increase the re-authentication period to up to 720 hours in the Teams admin portal.
- IDP administrators can remove login access to Parsec via their Identity Provider. This will not invalidate a user's current session, but it will prevent them from logging in again after the session refreshes.
- To remove someone from a Team, an Administrator will have to remove them from the Team on the Teams admin portal.
- You cannot initiate SAML authentication via your Identity Provider. Parsec only allows for logins to initiate from the Parsec login page or from within our app.

You will want to first register Parsec on your Identity Provider (IdP) and add the following SAML endpoints to it. The full endpoints are shown in the Teams administration portal where you can copy and paste them in to your IdP configuration for Parsec.

ACS: ACS means Assertion Consumer Service, and is used for establishing a session based on rules made between your IdP and the service provider it is integrating with.

Metadata: Metadata, alternatively referred to as the entityID in some systems, refers to the configuration data for an IDP or an SP. In this case, the Metadata endpoint in Parsec refers to your Parsec Team's metadata on the Service Provider end.

In addition to these endpoints, you must use the email format for the name ID field in your identity provider when setting up SAML for Parsec to associate your accounts.

The next step is to add metadata provided by your IdP into the Teams panel. Common SAML providers directions are shown below. Remember that Parsec does not need to provide a signing certificate for the integration to work.

- Visit the Applications section in Okta, and click Add Application.
- Create a new app for Parsec by clicking Create New App.
- In the new window, select SAML 2.0 as the method for sign on and click Create.
- Configure SAML, use the ACS and Metadata endpoints provided earlier. Make sure to set the name ID format and Application username to EmailAddress.

If you are not using SCIM to manage users and groups in Parsec, SAML users will not be assigned to a group in Parsec automatically. However, it is possible to configure default groups by sending additional claims in the SAML response. This will only apply to new users and will not retroactively assign existing users to the default group(s). The group(s) must exist in Parsec and have a matching name, a new group will not be created automatically.

If you're using SCIM or don't want to assign people to a group by default you can skip ahead to the next section, this step is optional.

Add a new claim using the name DefaultGroups and provide a comma delimited list of group name(s). If there are commas in the group name, surround the name with double quotes ("). The list may be with or without spaces after the separator (,).

Now, you just need to provide some IdP metadata to Parsec.
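
A pre-flight check for the DefaultGroups claim described on this page, as an added example that is not Parsec's code: it splits the claim value by the quoting rules given and compares each name with the groups that already exist in Parsec. The group names, the sample AttributeStatement and the helper names are constructed, and flagging case-only differences is an assumption, since the page only says the names must match.

```python
import csv
import xml.etree.ElementTree as ET

NS = "{urn:oasis:names:tc:SAML:2.0:assertion}"

# Constructed sample: AttributeStatement from a test assertion issued by your own IdP.
SAMPLE_STATEMENT = """\
<saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Attribute Name="DefaultGroups">
    <saml:AttributeValue>Artists, "QA, Contractors",engineering</saml:AttributeValue>
  </saml:Attribute>
</saml:AttributeStatement>
"""

def parse_default_groups(value):
    """Split a claim value: comma separator, optional space after it,
    double quotes around names that themselves contain commas."""
    rows = list(csv.reader([value.strip()], skipinitialspace=True))
    return [name.strip() for name in rows[0] if name.strip()] if rows else []

def default_groups_from_statement(xml_text):
    """Return the parsed DefaultGroups claim, or [] if the claim is absent."""
    root = ET.fromstring(xml_text)
    for attr in root.iter(NS + "Attribute"):
        if attr.get("Name") == "DefaultGroups":
            value = attr.find(NS + "AttributeValue")
            text = value.text if value is not None and value.text else ""
            return parse_default_groups(text)
    return []

def check_groups(claimed, existing):
    """Sort claimed names into exact matches, case-only differences, and
    names with no counterpart (a group is never created automatically)."""
    folded = {g.casefold(): g for g in existing}
    report = {"matched": [], "case_mismatch": [], "missing": []}
    for name in claimed:
        if name in existing:
            report["matched"].append(name)
        elif name.casefold() in folded:
            report["case_mismatch"].append((name, folded[name.casefold()]))
        else:
            report["missing"].append(name)
    return report

if __name__ == "__main__":
    parsec_groups = {"Artists", "Engineering", "QA, Contractors"}  # constructed
    print(check_groups(default_groups_from_statement(SAMPLE_STATEMENT), parsec_groups))
```

Any name reported as missing or as a case mismatch is one to fix at the IdP or create in Parsec before new users sign in, because default groups are applied only to new users and are not assigned retroactively.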