Has someone created an authentication method for FM using SAML?
Any idea, documentation or link is appreciated.
Thank you in advance
SAML is just a way to authenticate and get information out of another source. You can do this using Insert from URL.
Thank you Johan. I know that. I was just asking if someone has implemented this before.
Thank you anyway.
Johan Hedman wrote: SAML is just a way to authenticate and get information out of another source. You can do this using Insert from URL.
Not quite or not completely. SAML is a standard for passing authentication messages between systems. Meaning that the SAML is generated *AFTER* the user is authenticated; it's not a 'way to authenticate' as such. SAML is nothing more than a language, just like XML is (it's actually XML). It's a message format. The message itself does not do anything, it just tells you what was done elsewhere.
Security Assertion Markup Language - Wikipedia
The most likely scenario is that the company is using one of the big Identity Providers (Ping, Okta, SiteMinder, CA, ...) to provide account management and authentication. Can those be used for access to the FM solution? Can FM recognize the SAML assertion that these systems can send out when a user is successfully authenticated?
The short answer is: no. Not natively.
The long answer: yes, it can be done. But since it has to bypass the native security to some extent, there is a very real risk that it will actually compromise security. It would need to be done with an extremely high level of diligence and understanding of what it is that is being bypassed on the FM side and what the risks and potential impact of that is. And all of that needs to be documented and acknowledged by all parties involved.