Introduction:


SAML stands for "Security Assertion Markup Language". It allows users to log in to Barium Live with their organization's credentials, so-called single sign-on.

That way a user does not need to remember another username and password and can instead use the same username they use when logging in to their intranet or computer, depending on the setup.



The benefits of SAML 2.0:


The 3 biggest benefits of using SAML 2.0 are:


1. The user can use the same password.


2. Your organization controls who can log in to Barium Live.


3. SAML 2.0 works even if you are outside your organization's network. You can, for example, use your mobile phone to connect via SAML 2.0.



Implementing SAML 2.0 with Barium Live:

 

For SAML 2.0 to work with Barium Live you need to set up an Identity Provider (IDP) on your organization's ADFS server or equivalent server.


1. The information Barium Live needs to get SAML 2.0 to work can be retrieved from this URL: https://login.bariumlive.com/identity/fedarationmetadata2.


2. The customer then needs to set up a URL to federationmetadata.xml. The URL usually looks something like this: https://adfs.customer.com/federationmetadata/2007-06/federationmetadata.xml (SAML 2.0 won't work if Barium doesn't have a URL to federationmetadata.xml. Supplying just the file won't work.)


3. After Barium has received the URL from the customer, Barium can start configuring SAML 2.0.


4. Before Barium can activate SAML 2.0, a unique identifier must be set for all existing users. This identifier can, for example, be an e-mail address, a sAMAccountName or some other unique key.
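
Before sending the federationmetadata.xml URL from step 2, the customer can sanity-check what it serves. The following is an added example, not code from Barium or ADFS: the function name, the sample metadata and the adfs.customer.example host are constructed for illustration, and the HTTPS and signing-certificate checks are this example's own assumptions about what a usable IdP metadata document should contain.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
SAML2 = "urn:oasis:names:tc:SAML:2.0:protocol"
# Constructed sample: hypothetical IdP, certificate body is a placeholder.
SAMPLE_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="http://adfs.customer.example/adfs/services/trust">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><X509Data>
        <X509Certificate>PLACEHOLDER</X509Certificate></X509Data></KeyInfo>
    </KeyDescriptor>
    <SingleSignOnService Location="https://adfs.customer.example/adfs/ls/"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""

def check_idp_metadata(url, xml_text):
    """Return a list of problems; an empty list means the basics are in place."""
    problems = []
    if urlparse(url).scheme != "https":
        problems.append("metadata URL is not HTTPS")
    if "<!DOCTYPE" in xml_text:  # no DTDs: avoids entity-expansion tricks
        return problems + ["DOCTYPE present, refusing to parse"]
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return problems + ["not well-formed XML: %s" % exc]
    if not root.get("entityID"):
        problems.append("missing entityID")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        return problems + ["no IDPSSODescriptor, so this is not IdP metadata"]
    if SAML2 not in idp.get("protocolSupportEnumeration", "").split():
        problems.append("IdP does not declare SAML 2.0 support")
    # A KeyDescriptor without a 'use' attribute serves both signing and encryption.
    signing = [k for k in idp.findall("md:KeyDescriptor", NS)
               if k.get("use") in (None, "signing")
               and k.find(".//ds:X509Certificate", NS) is not None]
    if not signing:
        problems.append("no signing certificate published")
    locations = [s.get("Location", "") for s in idp.findall("md:SingleSignOnService", NS)]
    if not locations:
        problems.append("no SingleSignOnService endpoint")
    problems += ["SSO endpoint not HTTPS: " + loc
                 for loc in locations if urlparse(loc).scheme != "https"]
    return problems
```

To check a live server, fetch the URL's body yourself and pass both the URL and the text to `check_idp_metadata`.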