FAQ

This section contains Frequently Asked Questions and answers.
SAML Frequently Asked Questions
This section lists the Frequently Asked Questions regarding SAML integration with API Portal.
  • Do we provide Just-in-Time Provisioning for SAML? How are users provisioned in API Portal from the IdP?
    API Portal does not support user creation and management in the IdP. User management has to be done at the SAML IdP.
    For Just-in-Time provisioning of users in API Portal: after the user is authenticated by the IdP, the user attributes are passed from the IdP to API Portal with the Authentication Response, and API Portal provisions the user based on the attributes that are propagated.
  • Is it possible to have a different IdP per organization? For example, organization 1 is federated with IdP 1, and organization 2 is federated with IdP 2. Is it possible to have some organizations with user accounts managed locally in the API Portal and other organizations federated with an IdP?
    Portal supports multiple IdP configurations at tenant level, and not at organizational level.
  • How are users created in the API Portal (Hybrid SaaS Portal) when using SAML Authentication?
    When an IdP is configured with API Portal, Portal administrators and Organization administrators can still create and manage users in Portal that are authenticated using the CA APIM Authentication Scheme. For information about how to manage users from Portal, see the Get Started - User Types, Roles and Permissions section.
  • How are users managed, for example, when a user leaves their organization?
    For users that are created in API Portal, the Portal administrator can delete the user profile. If there is IdP integration, the users are managed from the IdP side and API Portal does not manage those users.
  • What is the workflow for SAML assertion authentication?
    After API Portal is integrated with a SAML IdP, you can set the SAML authentication scheme as the default scheme. API Portal renders the selected SAML IdP login page to prompt for user credentials.
    If the SAML authentication scheme is not set as the default authentication scheme, the SAML provider is listed on the API Portal login page. Click the SAML provider to open the SAML IdP login page. Provide the user credentials that are verified on the SAML IdP, and the user is logged in to CA API Developer Portal. The SAML response assertion is sent to API Portal and the user is logged in to API Portal.
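
The Just-in-Time provisioning step from the first answer, sketched as an added example (not API Portal's code or documentation): a profile is created or refreshed from the attributes carried in the assertion. The attribute names, the dict used as a user store, the function names and the sample assertion are all assumptions constructed for illustration, and the response signature, issuer, audience and validity window are assumed to have been verified before this code runs.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Assumed attribute names; the real mapping is whatever the IdP is configured to send.
REQUIRED = ("email", "firstName", "lastName", "organization")

def _attr(name, *values):
    vals = "".join(f"<saml:AttributeValue>{v}</saml:AttributeValue>" for v in values)
    return f'<saml:Attribute Name="{name}">{vals}</saml:Attribute>'

def build_sample(attrs, name_id="jdoe@example.com"):
    """Constructed test assertion (unsigned); not captured from any real IdP."""
    body = "".join(_attr(k, *v) for k, v in attrs.items())
    return (f'<saml:Assertion xmlns:saml="{NS["saml"]}">'
            f"<saml:Subject><saml:NameID>{name_id}</saml:NameID></saml:Subject>"
            f"<saml:AttributeStatement>{body}</saml:AttributeStatement></saml:Assertion>")

SAMPLE = build_sample({"email": ["jdoe@example.com"], "firstName": ["Jane"],
                       "lastName": ["Doe"], "organization": ["Org1"]})

def read_attributes(root):
    """Collect {name: [non-empty values]} across all AttributeStatements."""
    attrs = {}
    for a in root.findall("./saml:AttributeStatement/saml:Attribute", NS):
        vals = [(v.text or "").strip() for v in a.findall("saml:AttributeValue", NS)]
        attrs.setdefault(a.get("Name"), []).extend(v for v in vals if v)
    return attrs

def provision_user(assertion_xml, user_store):
    """Create or refresh the profile keyed by NameID from the propagated attributes.

    Assumes the caller has already verified the response signature, issuer,
    audience and validity window; unverified attributes must never reach here.
    """
    root = ET.fromstring(assertion_xml)
    name_id = (root.findtext("./saml:Subject/saml:NameID", "", NS) or "").strip()
    attrs = read_attributes(root)
    if not name_id:
        raise ValueError("assertion has no NameID")
    for key in REQUIRED:
        # Missing or multi-valued identity attributes are rejected, not guessed.
        if len(attrs.get(key, [])) != 1:
            raise ValueError(f"attribute {key!r} must have exactly one value")
    profile = {key: attrs[key][0] for key in REQUIRED}
    profile["managed_by"] = "idp"  # lifecycle stays with the IdP, not the portal
    created = name_id not in user_store
    user_store[name_id] = profile
    return created, profile
```

The first login for a NameID returns `created=True`; later logins overwrite the stored attributes with whatever the IdP sends, which matches the FAQ's statement that IdP-backed users are managed from the IdP side.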