Navigate from Platform Configuration > Security > Authentication. 

The Authentication section allows administrators to configure the LDAP, SAML and OAuth settings. These settings:

  • Are required if administrators want restricted access to the Hub from other applications. 
  • Allows administrators to manage users from their company's LDAP server. 
  • Enable Single Sign On (SSO) for users. 


Option Fields Description
LDAP Directory Server Select the LDAP directory server that your company uses. 
  On-premise AD Bridge

Allows specification of the AD bridge address and token to connect to the directory.

If this checkbox is enabled, specify the bridge address and the bridge token.  

  Manage via AD Groups Allows the management of users through Active Directory groups. 
  Recursive Groups Enables the use of a recursive group structure. 
  AD Secure Allows the use of LDAP over the Secure Socket Layer (SSL).  

Specify the port number to connect to the server.

The default value is 389. It is 636 for AD Secure. 

  Active Forest Add multiple Forest structure details of your Active Directory network. 
  Username Enter a valid username. 

Enter a valid password. 

The username and password is for the testing of connection to the LDAP server. 

SAML Enable SAML  Select the checkbox to enable exchange of authorization and authentication. 
  SP Public Certificate Download the public certificate that is used when the Service Provider information is added to the Identity Provider. 
  SP Rollover Certificate When the current SP certificate is within 4 weeks of expiry a new certificate will be provided via this link for customers who choose to sign SAML assertions.
  SP Metadata Download the metadata file that is used automatically negotiate agreements. 
  Single Sign-On Binding Select the SAML binding to use for sign-on. 
  Single Sign-Off Binding Select the SAML binding that to use for Sign-off. 
  Metadata File Select and upload the IdP metadata file. This overwrites the manually set values. 
  Entity ID Enter the URI for the IdP entity.  
  Single Sign-On URL Enter the URL of the IdP to which the Hub sends the authentication request message. 
  Single Sign-Off URL Enter the URL of the IdP to which the Hub sends the SLO request. 
  X.509 Public Certificate Paste the public X.509 certificate of the IDP. 
  Sign Messages Enables the requirement of signing the samlp Response, LogoutRequest and LogoutResponse elements that are received by the hub. 
  Sign Assertions Enables the requirement of signing the samlp Assertion elements that are received by the Hub. 
  Encrypt NameID Enables the requirement of signing the NameID that is received by the Hub. 
OAuth Access Token Expiry Select the duration of the token expiry, after which the token can no longer be used. 
  Refresh Token Using the slider, select the duration after which the tokens are refreshed.  
Was this article helpful?
0 out of 0 found this helpful