Configure the assertion rules

To allow the portal to check the assertion it receives from the IdP, you have to configure the rules that determine the user type and user context.

To configure the SAML assertion rules, complete the following steps.

  1. In the Worklist, select Configuration > SAML settings.
  2. Select the SAML SSO Assertion Configuration entry.
  3. In the Info pane, in the First user login behavior list, select the logic according to which user accounts are created in the SSO scenario.
    • User-record must already exist in the portal: Users can only log in if their account has already been created in the portal.

    • Create user-record on first login: A new user account is created when the user logs in to the portal for the first time.

  4. In the corresponding boxes, define the attributes that should be used to authenticate the user. You must define at least the user name and email attributes.
    Example: UserID, Email, Telephone, and Language.
  5. In the Mapping by list, select the method with which users are mapped between Supplier Portal and the external SSO provider.
    • By email: Users are mapped by email address. The user email address in the external SSO provider must be the same as the email address in Supplier Portal. Recommended if suppliers are authenticated through the Identity Provider.

    • By user name: Users are mapped by user name. The user name in the external SSO provider must be the same as the user name in Supplier Portal.

  6. In the Default locale list, select the interface language.
  7. If supplier users should be allowed to use SSO, in the Supplier specific Settings pane, select the Enable SAML SSO Login for suppliers checkbox.
    It is recommended to activate this functionality only if the corresponding IdP provides the infrastructure needed to supply the vendor and company code information to the portal.

    The Supplier user setting with SAML SSO Login group is displayed.

  8. From the Vendor details determined by list, select the logic according to which the vendor information related to the supplier user should be provided.
    • If the vendor information should not be provided as part of the SSO scenario, select Self-registration on first login.

    • If the vendor information should be sent by the IdP, select Sent by IDP in request and, in the Attribute 'vendors' box, define the attribute that should hold the vendor information.

  9. Supplier users can be assigned to more than one vendor and they can be restricted to specific business units or company codes within a vendor. Define the characters that should be used to separate vendor numbers and company codes in the SSO request.
    • If several vendor numbers are provided in the SSO request, the character you enter in the Delimiter between vendor numbers box is used as the separator.

    • If several company codes are provided in the SSO request, the character you enter in the Delimiter between company codes box is used as the separator.

    • If a combination of vendor number and company code is provided in the SSO request, the character you enter in the Delimiter between vendor number / company codes box is used as the separator.

  10. If buyer users should be allowed to use SSO, in the Buyer specific settings pane, select the Enable SAML SSO Login for buyers checkbox.

    The Buyer user SAML setting group is displayed.

  11. From the Default group list, select the group to which the buyer admin user should be assigned.
  12. Click Save.
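
The delimiters from step 9 decide how the 'vendors' attribute is split into vendor numbers and company codes, so a delimiter that also occurs inside a value would change which vendors a supplier user is assigned to. The following added example (not the product's own code) is a strict Python parser for checking sample attribute values before the IdP goes live. Assumptions: the value layout `vendor:code,code;vendor`, the three default delimiter characters, alphanumeric vendor numbers and company codes, and the names `parse_vendors` and `check_delimiters`.

```python
# Added example: strict parser for an IdP-supplied 'vendors' attribute value.
# The value layout is an assumption; confirm it against your portal and IdP.

def check_delimiters(vendor_sep, company_sep, pair_sep):
    """Reject delimiter settings that would make the attribute ambiguous."""
    seps = (vendor_sep, company_sep, pair_sep)
    if any(len(s) != 1 or s.isalnum() or s.isspace() for s in seps):
        raise ValueError("each delimiter must be one non-alphanumeric character")
    if len(set(seps)) != 3:
        raise ValueError("the three delimiters must be distinct")

def parse_vendors(value, vendor_sep=";", company_sep=",", pair_sep=":"):
    """Return {vendor_number: [company_code, ...]}. An empty list means the
    user is not restricted to specific company codes for that vendor."""
    check_delimiters(vendor_sep, company_sep, pair_sep)
    result = {}
    for entry in value.split(vendor_sep):
        vendor, found, codes = entry.partition(pair_sep)
        vendor = vendor.strip()
        # Assumption: vendor numbers and company codes are alphanumeric.
        if not vendor.isalnum():
            raise ValueError(f"invalid vendor number: {vendor!r}")
        if vendor in result:
            raise ValueError(f"vendor listed twice: {vendor!r}")
        company_codes = []
        if found:  # a vendor number / company code pair was supplied
            for code in codes.split(company_sep):
                code = code.strip()
                if not code.isalnum():
                    raise ValueError(f"invalid company code: {code!r}")
                if code not in company_codes:
                    company_codes.append(code)
        result[vendor] = company_codes
    return result

# Constructed sample value, not taken from a real IdP.
SAMPLE = "100045:1000,2000;100078"

if __name__ == "__main__":
    print(parse_vendors(SAMPLE))
```

Any value that raises `ValueError` here (empty entries, a trailing delimiter, a repeated vendor, a delimiter inside a value) is one to resolve with the IdP administrator before enabling SSO for suppliers.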