Configuring Cleo Integration Cloud to use SAML

Cleo creates associations between tenants and domains as part of creating and maintaining tenants. SAML is managed on a per-tenant basis, which means, as an Admin, you can configure SAML for a given tenant for which you have Admin privileges. Any domains that Cleo has associated with that tenant are subject to that SAML configuration. SSO is enforced on a per-domain basis, which means that any user belonging to a domain configured for SAML will use SSO for any tenant they attempt to log in to.

Note: Cleo Support must enable SAML for your tenant before you can access the SAML page.

Use the Admin > SAML page to configure Cleo Integration Cloud to use SAML for single sign-on.

Use these fields to customize your application. Changes you make are previewed as you make them.

Enable SAML for all users of the domain
Select this check box to authenticate all users of the domain via IDP using the SAML protocol. If you select only this option, your SAML login page is displayed when users invoke Cleo Integration Cloud.
Also allows you to disable SAML so that an administrator can log in to the system using their user name and password, for example, to troubleshoot.
Important: Before you select this check box, make sure you have imported your IDP information and your IDP has your SP information.

Service Provider

Cleo provides you with the information in this section of the page to configure your IDP. You provide this information to your IDP to enable the IDP to trust Cleo Integration Cloud.

Note: Your IDP might use different names for the data provided in the fields below. Check with your IDP for more information.
Entity ID (Audience)
Identifies the application for which single sign-on is being configured. Sometimes also referred to as audience.
Assertion Consumer Service
Identifies the URL that expects to receive the SAML assertion.
Sign In URI
The Cleo Integration Cloud login page. Sometimes required for IDP configuration.

Identity Provider

You provide access to a metadata file containing information about the Identity Provider (IDP).

Metadata XML
Provides information (as metadata) about the IDP in .xml format. You can provide an address from which to download a file or select a file to import directly.
Enter publicly accessible URL to metadata file
Select this option and enter a URL from which you want the application to download the metadata .xml file.
Import as a file (.xml)
Browse to and select a local .xml file containing the metadata.

Attribute Mappings

Attribute mappings allow Cleo Integration Cloud to identify various parts of a SAML assertion.

Email Attribute
The attribute name used by the IDP to identify the email address in the SAML assertion.