Configure SAML authentication

Security Assertion Markup Language (SAML) authentication allows you to use common external identity providers (IdP) to authenticate usernames and passwords for Calabrio ONE, the service provider (SP). This method of user authentication and password management is commonly referred to as “single sign-on.”

After SAML authentication is configured through your external IdP, the metadata needs to be downloaded, exported, and given to a Calabrio Professional Services Account Representative who will complete the configuration procedure within Calabrio ONE. See Export SAML Metadata for more information.

IMPORTANT   If the user’s email address is not mapped to the “mail” attribute on your external IdP, then you need to contact Calabrio Professional Services and tell the Calabrio representative the name of the attribute that contains the user email.

NOTE   If your IdP X.509 certificate is changed, for reasons such as a new expiration date, you need to provide the new X.509 certificate or the new SAML metadata file to Calabrio Professional Services. Otherwise, users will not be able to login.

NOTE   Tenant administrators who have been added by a system administrator can always log in using their Calabrio ONE credentials. This is true even if Calabrio ONE authentication is disabled and another form of authentication (SAML or Active Directory) is enabled.

Related topics