
SAML Integration Guides

Identity as a Service includes a number of cloud applications for you to integrate with Identity as a Service for two-factor authentication. If you want to protect a cloud service that is not pre-configured with Identity as a Service, you can add it as a generic SAML service provider application (see Add a Generic SAML application in the Administrator Help).

Attention: Entrust tests and validates SAML integrations with Identity as a Service. The integration guides provide instructions for configuring SAML authentication with the SAML application version tested by Entrust. Some configuration steps may differ from the documentation provided or the steps in the integration guides may not be effective (due to Entrust not having tested and validated with the version you are using). For different versions, the integration guides may still offer a standard base to help fast-track SAML authentication setup for your application, but in the event there are issues, contact support@entrust.com for assistance.

IMPORTANT: If you have already integrated a SAML application with Identity as a Service, you must update the signing certificate with the new signing certificate (SAML Certificate 2024). See Create SAML signing certificates for more information.

Supported XML request attributes and elements

In addition to the standard SAML XML request attributes and elements, SAML supports the following element:

NameID

SAML also supports a configured request parameter, which may specify a login hint instead of using NameID.

SAML does not support the following SAML XML request attributes/elements:

AllowCreate

ForceAuthn

IsPassive

RequestedAuthnContext

SAML does not support the following feature:

Authentication request signature verification
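
To see whether a service provider sends any of the unsupported items listed above, you can audit a captured AuthnRequest before integrating it. The following Python script is an added example, not Entrust code; the sample request, its URLs and the function names are assumptions, and it also covers HTTP-Redirect encoded requests, which goes beyond the case described in the text.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlsplit

SAMLP = "{urn:oasis:names:tc:SAML:2.0:protocol}"
DSIG = "{http://www.w3.org/2000/09/xmldsig#}"

# Constructed sample request; the SP URLs and ID are placeholders.
SAMPLE_REQUEST = """<samlp:AuthnRequest
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z"
    ForceAuthn="true" IsPassive="false"
    AssertionConsumerServiceURL="https://sp.example.com/acs">
  <saml:Issuer>https://sp.example.com/metadata</saml:Issuer>
  <samlp:NameIDPolicy AllowCreate="true"/>
  <samlp:RequestedAuthnContext Comparison="exact">
    <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml:AuthnContextClassRef>
  </samlp:RequestedAuthnContext>
</samlp:AuthnRequest>"""


def audit_authn_request(xml_text):
    """Return the sorted unsupported features present in an AuthnRequest."""
    root = ET.fromstring(xml_text)
    if root.tag != SAMLP + "AuthnRequest":
        raise ValueError("not a SAML 2.0 AuthnRequest")
    found = {a for a in ("ForceAuthn", "IsPassive") if a in root.attrib}
    policy = root.find(SAMLP + "NameIDPolicy")
    if policy is not None and "AllowCreate" in policy.attrib:
        found.add("AllowCreate")
    if root.find(SAMLP + "RequestedAuthnContext") is not None:
        found.add("RequestedAuthnContext")
    if root.find(DSIG + "Signature") is not None:  # HTTP-POST: enveloped signature
        found.add("Signature")
    return sorted(found)


def audit_redirect_url(url):
    """Same audit for an HTTP-Redirect URL (raw DEFLATE, then base64)."""
    query = parse_qs(urlsplit(url).query)
    raw = base64.b64decode(query["SAMLRequest"][0])
    # Cap the inflated size so an oversized request cannot exhaust memory.
    xml_text = zlib.decompressobj(-15).decompress(raw, 65536).decode("utf-8")
    found = set(audit_authn_request(xml_text))
    if "Signature" in query:  # redirect-binding signatures ride in the query
        found.add("Signature")
    return sorted(found)


if __name__ == "__main__":
    print(audit_authn_request(SAMPLE_REQUEST))
```

A non-empty result means the service provider is asking for behaviour (for example forced re-authentication or a signed request check) that the lists above mark as unsupported, so do not rely on it in your access policy.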

Integrate SAML applications with Identity as a Service

You can protect access to your SAML applications by integrating them with Identity as a Service. Once integrated, users can authenticate to their SAML application through Identity as a Service.

SP-initiated logout

When adding your SAML application to IDaaS, if your SAML service provider supports SAML SP-initiated logout, set the Single Logout Service URL to the value supplied by your SAML service provider. Otherwise, leave it blank.

Identity as a Service performs session logout based on the Authentication Session Lifetime (see Manage General settings). The default value for this setting is 15 minutes. Set this parameter to an appropriate value according to your site security policy. 

Identity as a Service also supports SP-initiated logout (SLO) from a SAML client application. In this case, the SAML application can be configured with a Single Logout URL. When a SAML request is sent, using either the HTTP-Redirect or HTTP-POST SAML binding, Identity as a Service logs out the current user session and the user is redirected to the configured Single Logout URL of the SAML client application using HTTP-POST binding. The binding used in the response is not configurable. 

SAML SP-initiated logout is not propagated to all other SAML SPs.

Identity as a Service does not support IDP-initiated SAML logout.

 

Topics in this section:

Integrate ADP

Integrate Air

Integrate Alibaba Cloud

Integrate Amazon Business

Integrate Amazon Web Services

Integrate AppDynamics

Integrate Asana Enterprise

Integrate Atlassian

Integrate AwardCo

Integrate BambooHR

Integrate Bonusly

Integrate Box

Integrate Citrix ADC

Integrate Confluent Cloud

Integrate ConnectWise ScreenConnect

Integrate Citrix Workspace

Integrate Coupa

Integrate Datadog

Integrate Dell Boomi

Integrate DocuSign

Integrate Dropbox Business

Integrate Druva

Integrate Envoy

Integrate Epic Hyperdrive

Integrate Expensify

Integrate Fastly

Integrate 15Five

Integrate FiveTran

Integrate Forest Admin

Integrate FortiSIEM

Integrate Freshservice

Integrate Freshworks

Integrate Google Workspace

Integrate Gong

Integrate HubSpot

Integrate Huddle

Integrate Jamf Pro

Integrate Jenkins

Integrate Keeper Security

Integrate KnowBe4

Integrate LeaveWizard

Integrate LogMeIn

Integrate Lucidchart

Integrate Microsoft Office 365

Integrate Mimecast

Integrate Miro

Integrate Mobile Microsoft Office 365 applications

Integrate Monday.com

Integrate MuleSoft

Integrate Netskope

Integrate New Relic

Integrate Onfido

Integrate Oracle Eloqua

Integrate Oracle EPM Cloud

Integrate PagerDuty

Integrate PingDom

Integrate ProdPad

Integrate ReviewInc

Integrate RingCentral

Integrate SailPoint IdentityIQ

Integrate Salesforce

Integrate ServiceNow

Integrate Sharefile

Integrate SiteMinder

Integrate Slack

Integrate Smartsheet

Integrate Snowflake

Integrate Splunk

Integrate Splunk SOAR

Integrate Sumo Logic

Integrate Tableau Online

Integrate WebEx

Integrate WhiteSource

Integrate Workday

Integrate Workfront

Integrate Zendesk

Integrate Ziflow

Integrate Zoho One

Integrate Zoom

Integrate Zuora