Your suggested change has been received. Thank you.

close

Suggest A Change

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

Thales Logo

All

  • All
back

SAS PCE for Silverfort Application

Identity Provider (SafeNet Access Exchange) Setup

search

Please Note:

Identity Provider (SafeNet Access Exchange) Setup

Configuring the Identity Provider (for example, SafeNet Access Exchange) requires creating a client in SafeNet Access Exchange.

Perform the following steps to create a client in SafeNet Access Exchange:

  1. Log into SafeNet Access Exchange as an administrator.

  2. On the administrator console, select your realm (for example, Silverfort).

  3. In the left pane, under Manage, click Clients, and in the right pane, click Create client.

  4. On the General Settings tab, perform the following steps:

    1. In the Client type field, select SAML.

    2. In the Client ID field, enter a value of your choice (for example, https://sae.mydomain.com/realms/Silverfort-POC).

    3. (Optional) In the Name field, enter a name of your choice (for example, Silverfort).

    4. Click Next.

  5. On the Login Settings tab, perform the following steps:

    1. In the Valid redirect URIs field, enter the appropriate raven server URL for your region (for example, https://raven.silverfort.io/apps/api/sso/response).

    2. In the Master SAML Processing URL field, enter the appropriate raven server URL for your region (for example, https://raven.silverfort.io/apps/api/sso/response).

    3. Click Save.

  6. After creating the client, go to the Settings tab, and configure the following parameters:

    1. Under SAML Capabilities,

      • In the Name ID format field, select username.

      • Turn On the Force POST binding toggle.

      • Turn On the Include AuthnStatement toggle.

    2. Under Signature and Encryption,

      • Turn On the Sign documents toggle.

      • Turn On the Sign assertions toggle.

      • In the Signature algorithm field, select RSA_SHA256.

  7. Go to the Keys tab and turn Off the Client Signature required toggle.

Adding Return Attributes to Meet MFA Requirements

The following types of user return attributes must be included in SafeNet Access Exchange to meet multifactor authentication (MFA) requirements:

  • username

  • email

Perform the following steps to add the return attributes:

  1. Under Client details, go to the Client scopes tab.

  2. Under Assigned client scope, click -dedicated (for example, https://sae.mydomain.com/realms/Silverfort-POC-dedicated).

  3. Under Dedicated scopes, on the Mappers tab, click Configure a new Mapper.

  4. Under Configure a new mapper, click User Attribute.

  5. Under Add mapper, update the fields' values as per the table below, and click Save.

    Field Value
    Mapper type User Attribute
    Name username
    User Attribute email
    Friendly Name http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
    SAML Attribute Name http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
    SAML Attribute NameFormat Unspecfied

    The User Attribute mapper for the username return attribute is successfully added.

  6. On the Mappers tab, click Add mapper, and select By configuration.

  7. Perform the above steps 4 and 5 to add the email user return attribute.

    Refer to the table below for the corresponding field values needed to add and configure the email return attribute.

    Field Value
    Mapper type User Attribute
    Name email
    User Attribute email
    Friendly Name http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
    SAML Attribute Name http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
    SAML Attribute NameFormat Unspecfied

On this page