The SAML setting is available in our Professional package. Please contact our sales department at sales@barium.se if you want access to SAML.


Introduction:


SAML stands for "Security Assertion Markup Language" and allows users to log in to Barium Live with their organization's credentials, so-called Single Sign-On (SSO).

In that way a user does not need to remember yet another username and password and can instead use the same username they use when logging in to their intranet or computer, depending on the setup.

For a more detailed description of SAML 2.0, see Technical Overview provided by OASIS: http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-tech-overview-2.0.html



The benefits of SAML 2.0:


The three biggest benefits of using SAML 2.0 are:


1. The user can use the same password as in the rest of the organization.


2. Your organization controls who can log in to Barium Live.


3. SAML 2.0 works even when you are outside your organization's network. You can, for example, use your mobile phone to connect via SAML 2.0.



Implementing SAML 2.0 with Barium Live:

 

For SAML 2.0 to work with Barium Live you need to set up an Identity Provider (IdP) on your organization's ADFS server or an equivalent server.


1. The information you need from Barium to get SAML 2.0 working on the IdP side can be retrieved from this URL: https://login.bariumlive.com/identity/fedarationmetadata2.

There are four mandatory claims/attributes that need to be sent in the response to Barium:

  • UserId - A unique value for each user within the customer's setup
  • Firstname - The user's first name
  • Lastname - The user's last name
  • Email - The user's email address. The value is also used as the username and must therefore be unique in Barium.

In addition to these claims it is also possible to send extra claims, which a Barium application can use to add information to the logged-in user.
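As an added example (not Barium's code), the check below parses the AttributeStatement of a SAML 2.0 Response and reports which of the four mandatory claims are missing or empty, while still exposing any extra claims. It assumes the IdP emits the attributes with the Name values "UserId", "Firstname", "Lastname" and "Email" exactly as listed above; the sample response is constructed and unsigned, and signature, issuer and audience validation is left to the SP library.

```python
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
# Claim names Barium lists as mandatory (assumed to be the literal attribute Name values).
REQUIRED = ("UserId", "Firstname", "Lastname", "Email")

def extract_attributes(response_xml: str) -> dict:
    """Return {Name: [values]} from every AttributeStatement in the response."""
    root = ET.fromstring(response_xml)
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text.strip() for v in attr.iterfind("saml:AttributeValue", NS) if v.text]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    return attrs

def check_required_claims(response_xml: str) -> list:
    """Return the names of mandatory claims that are missing or have no value."""
    attrs = extract_attributes(response_xml)
    return [name for name in REQUIRED if not attrs.get(name)]

# Constructed sample of what a correctly configured IdP could send (signature omitted).
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0">
  <saml:Assertion ID="_a1" Version="2.0">
    <saml:Issuer>https://adfs.customer.example/adfs/services/trust</saml:Issuer>
    <saml:AttributeStatement>
      <saml:Attribute Name="UserId"><saml:AttributeValue>jdoe</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="Firstname"><saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="Lastname"><saml:AttributeValue>Doe</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="Email"><saml:AttributeValue>jane.doe@customer.example</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="Department"><saml:AttributeValue>Finance</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""

# Constructed failure case: the Email claim (also used as the username) is left out.
SAMPLE_MISSING_EMAIL = SAMPLE_RESPONSE.replace(
    '<saml:Attribute Name="Email"><saml:AttributeValue>jane.doe@customer.example'
    '</saml:AttributeValue></saml:Attribute>', "")

if __name__ == "__main__":
    print(check_required_claims(SAMPLE_RESPONSE))       # []
    print(check_required_claims(SAMPLE_MISSING_EMAIL))  # ['Email']
```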


2. The customer then needs to provide a URL to its federationmetadata.xml. The URL usually looks something like this: https://adfs.customer.com/federationmetadata/2007-06/federationmetadata.xml. SAML 2.0 will not work if Barium is not given a URL to federationmetadata.xml; sending just the file is not enough.


3. Once Barium has received the URL from the customer, Barium can start configuring the SAML 2.0 setup.


4. Before Barium can activate SAML 2.0, a unique identifier must be set for every existing user. This identifier can, for example, be an email address, a sAMAccountName or some other unique key.