Step 1: Configure the SAML SSO Identity Provider

This section describes SAML assertions and their attributes. In an assertion, the group attribute identifies the user group of a user. Ensure that the identity provider includes one user group for each API Portal user role.
About SAML Assertions Generated by Identity Provider
When a user attempts to log in to the API Portal, the identity provider receives and checks the user’s credentials. If the credentials are valid, the identity provider generates a SAML 2.0 assertion, packages it in a token, and sends the token to the API Portal.
The generated assertion includes an attribute statement with user information similar to the following:
  • username
  • email
  • first name
  • last name
  • one or more user groups
  • organization
The assertion that your identity provider generates might contain additional attributes, and the attribute names might differ from the names suggested by the list above and the following example.
The following code snippet is an example of a SAML 2.0 attribute statement:
[Image: example code]
Add User Groups to the Identity Provider
The assertion that your identity provider generates lists the user group(s) of the user. See “About SAML Assertions Generated by Identity Provider”.
Ensure that the identity provider includes one user group for each API Portal user role. Your identity provider administrator must add the user groups.
Later, the API Portal Administrator maps user roles to user groups. See “Configure the SAML SSO Plugin”.
There are two types of user roles on the API Portal: internal and external. Internal users manage the API Portal. Internal user roles are:
  • Administrator
  • businessManager
  • accountManager
  • apiOwner
  • webAdmin
  • cmsuser
External users are developers who use the API Portal. External user roles are:
  • organizationAdmin
  • registeredUser (developer)
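The attribute statement and the group-per-role requirement described above can be checked with a short script. This is an added example, not code from the original page or from the product: it reads a constructed SAML 2.0 attribute statement, resolves the group values to roles, and reports roles that have no group. The attribute names (`username`, `group`), the group names, and the function names are assumptions.

```python
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"

# Constructed sample. Attribute names and group names are assumptions.
SAMPLE = """<saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Attribute Name="username"><saml:AttributeValue>jdoe</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="group">
    <saml:AttributeValue>portal-api-owners</saml:AttributeValue>
    <saml:AttributeValue>hr-staff</saml:AttributeValue>
  </saml:Attribute>
</saml:AttributeStatement>"""

# Hypothetical identity provider group names mapped to the portal roles listed above.
GROUP_TO_ROLE = {
    "portal-admins": "Administrator",
    "portal-business-managers": "businessManager",
    "portal-account-managers": "accountManager",
    "portal-api-owners": "apiOwner",
    "portal-web-admins": "webAdmin",
    "portal-cms-users": "cmsuser",
    "portal-org-admins": "organizationAdmin",
    "portal-developers": "registeredUser",
}

def read_attributes(xml_text):
    """Return {attribute name: [values]}. Call only after signature validation."""
    attrs = {}
    for attr in ET.fromstring(xml_text).iter("{%s}Attribute" % SAML_NS):
        values = [(v.text or "").strip() for v in attr.findall("{%s}AttributeValue" % SAML_NS)]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    return attrs

def resolve_roles(attrs, group_attr="group"):
    """Map group values to roles; unmapped groups are reported, never granted."""
    groups = attrs.get(group_attr, [])
    roles = sorted({GROUP_TO_ROLE[g] for g in groups if g in GROUP_TO_ROLE})
    unmapped = sorted(g for g in groups if g not in GROUP_TO_ROLE)
    return roles, unmapped

def roles_without_group(required_roles):
    """Roles that no identity provider group is mapped to."""
    return sorted(set(required_roles) - set(GROUP_TO_ROLE.values()))

if __name__ == "__main__":
    print(resolve_roles(read_attributes(SAMPLE)))
```

A user whose assertion carries only unmapped groups resolves to an empty role list, which is the case to alert on during SSO rollout.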