The SAML setting is available in our Professional package. Please contact our sales department at sales@barium.se if you want access to SAML.


Introduction:


SAML stands for "Security Assertion Markup Language" and allows users to log in to InRule Process Automation with their organization's credentials, that is, single sign-on (SSO).


For a more detailed description of SAML 2.0, see the Technical Overview provided by OASIS: http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-tech-overview-2.0.html



The benefits of SAML 2.0:


The 3 biggest benefits of using SAML 2.0 are:


1. The user can use the same login information.  


2. Your organization controls who can log in to Process Automation.   


3. SAML 2.0 works even if you are outside your organization's network. For example, you can use your mobile phone to connect via SAML 2.0.



Implementing SAML 2.0 with Process Automation:

 

For SAML 2.0 to work with Process Automation you need to set up an Identity Provider (IdP) on your organization's ADFS server or equivalent server.


1. The information you need from InRule to get SAML 2.0 to work on the IdP side can be retrieved from this URL: https://login.bariumlive.com/identity/fedarationmetadata2.

There are four mandatory claims/attributes that need to be sent in the response to InRule Process Automation:

  • UserId - A unique value for each user within the customer's setup
  • Firstname - User first name
  • Lastname - User last name
  • Email - User email address. Value is also used as a username and must therefore be unique in InRule.

In addition to these claims, it is also possible to send extra claims that can be used in a Process Automation application to add information about the logged-in user.


2. The customer then needs to set up a URL to federationmetadata.xml. The URL usually looks something like this: https://adfs.customer.com/federationmetadata/2007-06/federationmetadata.xml (SAML 2.0 will not work if Process Automation does not have a URL to federationmetadata.xml. Supplying just the file will not work.)


3. After Process Automation has retrieved the URL from the customer, InRule can start configuring the SAML 2.0 setup.


4. Before InRule can activate SAML 2.0, a unique identifier must be set for each existing user. This identifier can, for example, be an email address, a sAMAccountName, or some other unique key.
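
To check the claims from step 1 before activation, the following added example (not InRule's own code) inspects an assertion captured from a test login and reports which of the four mandatory claims are missing or empty, and which extra claims are sent. It assumes the IdP sends the claims under exactly the attribute names listed above; the sample assertion is constructed, and the script does not verify the assertion's signature.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# The four mandatory claims from step 1. Assumption: the IdP sends them
# under exactly these attribute names.
REQUIRED_CLAIMS = ("UserId", "Firstname", "Lastname", "Email")

# Constructed sample (not from a real IdP): Lastname is blank, Email is absent.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="UserId"><saml:AttributeValue>u-1001</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="Firstname"><saml:AttributeValue>Anna</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="Lastname"><saml:AttributeValue> </saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="Department"><saml:AttributeValue>Finance</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""


def extract_claims(assertion_xml):
    """Return {attribute name: [non-empty values]} from a SAML 2.0 assertion."""
    # SAML messages never need a DTD; refuse one rather than expand entities.
    if "<!DOCTYPE" in assertion_xml or "<!ENTITY" in assertion_xml:
        raise ValueError("DTD/entity declarations are not expected in SAML")
    root = ET.fromstring(assertion_xml)
    claims = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", SAML_NS):
        values = [(v.text or "").strip()
                  for v in attr.findall("saml:AttributeValue", SAML_NS)]
        claims.setdefault(attr.get("Name", ""), []).extend(v for v in values if v)
    return claims


def check_claims(assertion_xml):
    """Return (missing, extra): mandatory claims absent or empty, and extra claims."""
    claims = extract_claims(assertion_xml)
    missing = [name for name in REQUIRED_CLAIMS if not claims.get(name)]
    extra = sorted(set(claims) - set(REQUIRED_CLAIMS))
    return missing, extra


if __name__ == "__main__":
    missing, extra = check_claims(SAMPLE_ASSERTION)
    print("missing or empty mandatory claims:", missing)
    print("extra claims:", extra)
```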