Adding an Identity Provider

Hyland Experience Administration Portal

Platform: Hyland Experience
Product: Administration Portal
Release: Current

Use the Add Identity Provider wizard to add an external identity provider to your Hyland Experience account.

To map custom user attributes for an external identity provider, please contact your Hyland support representative. Custom user attributes must be added to your Hyland Experience account before they can be mapped.

To add an external identity provider:

  1. Open the Administration Portal.
  2. Select the Identity tab under the banner.
    The Users page is displayed.
  3. In the sidebar, click Identity Providers.
    The Identity Providers page is displayed.
  4. Click Add Identity Provider.
    The Add Identity Provider wizard is displayed.
  5. On the Information page, enter the following information:
    | Setting | Description |
    | --- | --- |
    | Identity Provider Name | The friendly name for this identity provider (IdP). The Hyland Experience sign-in page displays this value as an authentication option for users whose email domains have been mapped to this IdP configuration. |
    | Entity ID | The globally unique SAML identifier of the IdP. |
    | Metadata URL | The URL from which SAML metadata will be collected. The SAML metadata must be provided through an internet-accessible URL. Importing a metadata file is not an available option. |
    | Minimum Assertion Signature Algorithm | The minimum signature algorithm allowed to process an assertion. |

  6. Click Next Step.
  7. On the Bindings page, specify whether this identity provider should override the default binding for authentication requests or assertions.
    | Setting | Description |
    | --- | --- |
    | Override authentication request binding | Select to override the default binding used for authentication requests. The default request binding is HTTP-Redirect. |
    | Override assertion binding | Select to request a specific binding for assertions. |
  8. Click Next Step.
  9. On the Claim Type Mapping page, enter the SAML assertion attribute for each claim type.

    Only claim types marked with an asterisk are required.

    | Setting | Description |
    | --- | --- |
    | External User ID | The attribute that specifies the user's persistent external identifier. The identifier must be unique to a single user. |
    | Email | The attribute that specifies the user's primary email address. Each email address must be unique to a single user. |
    | Username | The attribute that specifies the user's username. If this claim type is not mapped, or if no username value is provided, then the email value is used instead. |
    | First Name | The attribute that specifies the user's first name. |
    | Last Name | The attribute that specifies the user's last name. |
    | User Groups | The attribute that specifies groups the user belongs to. |
  10. Map custom user attributes as needed.
    Note: Custom user attributes must be added to your Hyland Experience account before they can be mapped. Contact your Hyland support representative if your Hyland Experience account requires custom user attributes.
    1. Select the Custom Attributes tab.
    2. Click Map Custom Attribute.
      If this option is not available, then there are no custom user attributes available to map.
    3. Select a custom user attribute from the Attribute drop-down list.
    4. In the Source Claim Name field, enter the name of the attribute as specified in SAML assertions from this identity provider. This value is case sensitive.
    5. Map additional custom user attributes as needed.
  11. Click Next Step.
  12. On the Email Domains page, specify the email domains allowed to authenticate using this identity provider.
    • Select one or more existing email domains to assign to this identity provider.
    • Click Add Email Domain to add a new email domain. For information about adding email domains, see Adding an Email Domain.
    If you added a new email domain, you must select it to assign it to this identity provider. Users can authenticate using this identity provider only if their email domains match one of those selected.
  13. Click Next Step.
  14. On the Settings page, indicate whether this identity provider configuration should be enabled.
    • Choose Enabled to make the identity provider an available sign-in option for eligible users as soon as the configuration is saved.
    • Choose Disabled if the identity provider should not yet be available to authenticate users for Hyland Experience.
  15. Click Next Step.
  16. Review the configuration settings you specified.
  17. Click Add Identity Provider to complete the process.
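
The following pre-flight check is an added example, not Hyland code: it inspects an IdP's SAML metadata before you enter the Entity ID and Metadata URL on the Information page and decide on the Bindings page overrides. The sample metadata, the `idp.example.test` names, the `preflight` function and the HTTPS requirement on the metadata URL are assumptions of this example.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
BINDINGS = "urn:oasis:names:tc:SAML:2.0:bindings:"

# Constructed sample metadata; idp.example.test is a placeholder, not a real IdP.
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="{MD}" entityID="https://idp.example.test/saml">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="{DS}"><X509Data><X509Certificate>PLACEHOLDER</X509Certificate></X509Data></KeyInfo>
    </KeyDescriptor>
    <SingleSignOnService Binding="{BINDINGS}HTTP-POST" Location="https://idp.example.test/sso"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""


def preflight(metadata_xml, entity_id, metadata_url):
    """Return a list of findings to resolve before running the wizard."""
    findings = []
    if urlparse(metadata_url).scheme != "https":  # assumption: added hardening check
        findings.append("metadata URL is not HTTPS")
    # For metadata fetched over the network, parse with defusedxml instead of ElementTree.
    root = ET.fromstring(metadata_xml)
    # iter() also covers an EntitiesDescriptor wrapper; entity IDs are compared exactly.
    idp = next((e for e in root.iter(f"{{{MD}}}EntityDescriptor") if e.get("entityID") == entity_id), None)
    if idp is None:
        return findings + [f"no EntityDescriptor with entityID {entity_id!r}"]
    sso = idp.find(f"{{{MD}}}IDPSSODescriptor")
    if sso is None:
        return findings + ["entity publishes no IDPSSODescriptor, so it is not an IdP"]
    # A KeyDescriptor without a 'use' attribute serves both signing and encryption.
    keys = [k for k in sso.findall(f"{{{MD}}}KeyDescriptor") if k.get("use") in (None, "signing")]
    if not any(k.find(f".//{{{DS}}}X509Certificate") is not None for k in keys):
        findings.append("no signing certificate published")
    offered = {s.get("Binding") for s in sso.findall(f"{{{MD}}}SingleSignOnService")}
    if BINDINGS + "HTTP-Redirect" not in offered:
        findings.append("no HTTP-Redirect SSO endpoint; the request binding override applies")
    return findings
```

An empty list means the metadata is consistent with the values you plan to enter; the sample above reports only the missing HTTP-Redirect endpoint.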