Security Assertion Markup Language (SAML) is an XML-based standard for exchanging authentication data between a service provider (such as Replicon) and an identity provider. SAML lets users use single sign-on in a web browser and is typically used as an enterprise-level identity management solution.
Replicon can integrate with SAML so that users log in to the application with their AD/NT credentials.
SAML authentication allows single sign-on to Replicon. This means that when users access the SAML website, they are prompted for their NT/AD credentials if they are accessing the URL from outside the network or have logged in to their workstation with local system credentials. Once the user is authenticated, the request is forwarded to the Replicon URL defined during the SAML setup.
Because the application is configured to support SAML authentication, users are expected to access the SAML website instead of the Replicon URL, since authentication is completed on the SAML website. Once authentication is complete, the SAML identity provider redirects all requests to the Replicon application.
The users' login credentials are verified against the Domain Controller or Active Directory, and only the user name is forwarded to the Replicon database to confirm that the user exists in Replicon. If the user is found, the timesheet is loaded without the user needing to re-authenticate.
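The hand-off described above, as an added Python example that is not Replicon's code: a service provider reads only the user name from an assertion and looks the user up, with no password involved. The assertion, the audience URL, the user table and the function names are constructed for illustration; the example assumes the assertion's signature was already verified by a SAML library, and the validity-window and audience checks are standard SAML 2.0 conditions that this page does not describe.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EXPECTED_AUDIENCE = "https://sp.example.com/"  # hypothetical service provider ID
KNOWN_USERS = {"u2"}  # hypothetical stand-in for the application's user table

# Constructed sample assertion (not captured from a real identity provider).
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                ID="_example" Version="2.0" IssueInstant="2024-01-01T09:00:00Z">
  <saml:Issuer>https://idp.example.internal/saml</saml:Issuer>
  <saml:Subject><saml:NameID>U2</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2024-01-01T09:00:00Z" NotOnOrAfter="2024-01-01T09:05:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://sp.example.com/</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>
"""


def parse_time(value):
    """Parse a UTC SAML timestamp; a missing or malformed value raises ValueError."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def user_from_assertion(xml_text, now):
    """Return the user name to load, or raise ValueError.

    Assumes the XML signature was already verified by a SAML library.
    """
    root = ET.fromstring(xml_text)
    cond = root.find("saml:Conditions", NS)
    if cond is None:
        raise ValueError("assertion carries no Conditions element")
    if not parse_time(cond.get("NotBefore", "")) <= now < parse_time(cond.get("NotOnOrAfter", "")):
        raise ValueError("assertion outside its validity window")
    if EXPECTED_AUDIENCE not in [a.text for a in cond.findall(".//saml:Audience", NS)]:
        raise ValueError("assertion issued for a different service provider")
    name_id = root.findtext("saml:Subject/saml:NameID", default="", namespaces=NS).strip()
    # Assumption: the identity provider sends the bare user name (U2, not D1\U2).
    if not name_id or "\\" in name_id:
        raise ValueError("expected a bare user name without a domain prefix")
    if name_id.lower() not in KNOWN_USERS:
        raise ValueError("user does not exist in the application")
    return name_id  # the only identity data used; no password is present
```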
A user is considered logged in to the application until the user logs out, which terminates the session. If the user closes the browser, the session remains active unless the session cookie is deleted or overwritten. At no point does the Replicon server or the database server cache the user's login credentials.
Because SAML is installed on one of the servers within the office network and is hosted on IIS, users who do not know the URL of the SAML website will have to contact their local Admin or the IT Help Desk.
How will SAML setup change the end user experience?
Before SAML setup:
Users access the link http://login.replicon.com and enter their credentials (company name, username and password) to access the Replicon account.
After SAML setup:
Users use the internal URL provided by the IT team to access their Replicon account.
When on SAML, users may or may not get a password prompt. This depends on which browser the user is using and on its settings.
When prompted for a username and password, users must enter their Active Directory credentials to log in to the Replicon application. Users should not enter their domain name as part of the username. For example, if the domain is D1 and the username is U2, type the username as U2 and not D1\U2.