- Domain - The URL of the page through which SSO is performed for the IdP - the landing page.
- Issuer - The Identity Provider’s entity ID.
- Single-Sign-On Service URL - The Identity Provider’s SSO URL.
- Single-Sign-On Service Binding - The type of SSO binding.
- Single Logout Service URL - The IdP’s SLO URL.
- Single Logout Service Binding - The type of SLO binding.
- Name ID Format - The format of the nameID.
- User Email Attribute Name - The user email mapping name on the IdP.
- First Name Attribute Name - The first name mapping name on the IdP.
- Last Name Attribute Name - The last name mapping name on the IdP.
- Manage Permissions on Console - Select this option to maintain and manage user permissions within the console. Once the user has been created, the console admin can add or remove permissions by association to permission groups via the console Manage Groups page.
- Initial Permission Group - Users will be associated with this Gigya permissions group upon their initial login. By default, users will be added to the 'no permissions' group which has no permissions. Users of this group will not be able to access the console, until they are associated with an appropriate permission group by an admin.
- Manage Permissions on IdP - Select this option to manage the permissions on the IdP. Gigya will receive user permissions by the IdP on every login. When choosing this mode, users with no permissions will not appear in the console's Manage Groups tab, as their group association is not managed by Gigya.
The attribute in the IdP response may contain several values. Each value is treated as a separate group and mapped to the appropriate user group, so a user can be assigned to several user groups. Unmapped groups will be ignored. If no mapped value is returned in the response, the user will be placed under the default group.
- Default Permission Group - Users will receive the permissions of this Gigya group when no mapped value is returned in the response. By default, users will be added to the 'no permissions' group which has no permissions. Users of this group will not be able to access the console, until they are associated with an appropriate permission group by the IdP.
- Idp Attribute Name for Permission Group - The Identity provider's attribute name for the permission group.
Group Mapping - The mapping of the IdP groups to the Console groups.
You can only map a user to a single Gigya group. Mapping to multiple groups inside the Gigya Console is not supported.
Users that are logged in via Console SAML Login do not have access to their User Key and User Secret from the Account section of the Console.
- x509 Certificate - The IdP x509 certificate.