Set SAML authentication(cloud version)

CELF supports authentication that complies with SAML (Security Assertion Markup Language) 2.0.
To use SAML authentication, you need to establish a trust relationship between the Identity Provider (IdP) and the Service Provider (SP).
The CELF service does not include IdP functionality, so please ensure that there is an available IdP in your environment.

Configure both the IdP and the SP (CELF) according to the following steps.

1. IdP Configuration

2. SP (CELF) Configuration

3. User Creation in CELF

4. Enable SAML Authentication

IdP Configuration

Register CELF as a Service Provider (SP) with your IdP.

  • ACS URL

    https://[*1Domain Name]/saml/[*2Company ID]/CELF.sso/SAML2/POST

  • Entity ID

    https://[*1Domain Name]/saml/[*2Company ID]/sp

  • Element to Identify Users

    ameID"

Attention

  • *1 For the cloud version, please specify "cloud.celf.jp".
  • *2 Use lowercase letters for the alphabetic portion of the Company ID.

SP (CELF) Configuration

  1. Open 'System' tab in "Manage" screen.
  2. Click 'Set' button under 'SAML authentication'.
../../../_images/img_03.en131.png
  1. Set the SAML authentication in 'SAML authentication settings' dialog.
../../../_images/img_04.en116.png

[1] Enable SAML authentication

Enable login to CELF with SAML authentication.

[2] Identity Provider Entity ID

Enter the entity ID of the Identity Provider to be integrated.

[3] Identity Provider metadata

Upload the metadata file obtained from the Identity Provider to be integrated.

[4] Signature certificate obtained from Identity Provider

Upload the certificate containing the public key that the Identity Provider uses to verify signatures.

Hint

  • When uploading new files for “Identity Provider metadata” or “Signature certificate obtained from the Identity Provider”select them from the file selection dialog that appears when you click the “Select File” button.

    ../../../_images/img_05.en102.png

  • To cancel the upload, click the “Cancel” button.

    ../../../_images/img_06.en83.png
  1. Click 'Register' button.

Attention

  • When SAML authentication is enabled, you must enter the “Identity Provider Entity ID”, “Identity Provider Metadata” and “Signature Certificate obtained from the Identity Provider”
  • If the “Identity Provider metadata” and “Signature certificate obtained from the Identity Provider” are already registered on the CELF server, you do not need to enter them. If they are registered, ‘Registered’ will be displayed for “Current metadata file” and “Current certificate”.
  • After clicking the "Register" button, it may take a few minutes for the settings to be applied.

Download the Service Provider metadata

  1. In the “SAML Authentication Settings” dialog, click the URL for downloading the Service Provider metadata to download the metadata file.
../../../_images/img_07.en79.png

Hint

If requested by the Identity Provider administrator to provide Service Provider metadata, download the metadata file from this dialog.

User Creation in CELF

Create users who will log in to CELF.

  • User ID

    Specify the email address that you set as the Name ID in your IdP.

  • User Name

    Optional

  • Password

    Optional (used when logging in without SAML authentication).

Log in with SAML authentication

You can toggle the use of SAML authentication by turning the "Do not use SAML authentication" checkbox on or off, which is located to the right of the "Login" button.
Clear the checkbox to log in via SAML authentication.

Related keywords

account, log on, sign in, session, authentication, certification


Important

  • To log in using SAML authentication from the CELF client, you must check the “Use SAML authentication” option during the CELF client installation.
../../../_images/celf_help_mascot33.png