Navigate to Platform Configuration > Security > Authentication.

The Authentication section allows administrators to configure the LDAP, SAML and OAuth settings. These settings:

  • Are required if administrators want restricted access to the Hub from other applications. 
  • Allow administrators to manage users from their company's LDAP server.
  • Enable Single Sign On (SSO) for users.

LDAP

Directory Server

Select the LDAP directory server that your company uses.

On-premise AD Bridge

Allows specification of the AD bridge address and token to connect to the directory.

If this checkbox is enabled, specify the bridge address and the bridge token.  

Manage via AD Groups

Allows the management of users through Active Directory groups.

Recursive Groups

Enables the use of a recursive group structure.

AD Secure

Allows the use of LDAP over the Secure Sockets Layer (SSL).


Specify the port number to connect to the server.

The default value is 389. It is 636 for AD Secure. 

Active Forest

Add multiple Forest structure details of your Active Directory network.

Username

Enter a valid username.


Enter a valid password. 

The username and password are used to test the connection to the LDAP server.

SAML

Enable SAML

Select the checkbox to enable exchange of authorization and authentication.

SP Public Certificate

Download the public certificate that is used when the Service Provider information is added to the Identity Provider.

SP Rollover Certificate

When the current SP certificate is within 4 weeks of expiry, a new certificate will be provided via this link for customers who choose to sign SAML assertions.

SP Metadata

Download the metadata file that is used to automatically negotiate agreements.

Single Sign-On Binding

Select the SAML binding to use for sign-on.

Single Sign-Off Binding

Select the SAML binding to use for sign-off.

Metadata File

Select and upload the IdP metadata file. This overwrites the manually set values.

Entity ID

Enter the URI for the IdP entity.

Single Sign-On URL

Enter the URL of the IdP to which the Hub sends the authentication request message.

Single Sign-Off URL

Enter the URL of the IdP to which the Hub sends the SLO request.

X.509 Public Certificate

Paste the public X.509 certificate of the IdP.

Sign Messages

Enables the requirement of signing the samlp Response, LogoutRequest and LogoutResponse elements that are received by the Hub.

Sign Assertions

Enables the requirement of signing the samlp Assertion elements that are received by the Hub.

Encrypt NameID

Enables the requirement of signing the NameID that is received by the Hub.

OAuth

Access Token Expiry

Select the duration of the token expiry, after which the token can no longer be used.

Refresh Token

Using the slider, select the duration after which the tokens are refreshed.