Step 6: Validate IdP

This step is to validate the IdP, verifying the IdP configuration is correct and the communication between ALM as SP and the IdP can succeed. The first IdP to validate before you enable SSO should be "alm".

Prerequisites

Complete the following before you validate the IdP.

  • At least one ALM user with the Site Administrator role is already mapped to an IdP user or set as a local user. Otherwise, no user can configure ALM as Site Administrator.
  • Add the ALM and IdP URLs into the IE trusted URLs.

Back to top

Validate IdP in SSO Configuration Tool

You use this method for non-SaaS environments only.

For SaaS environments, you can only Send validation URL to IdP users for validation.

To validate IdP in SSO Configuration Tool:

  1. In the SSO Configuration Tool, click the IdP name, and click Validate in the bottom to start validation.
  2. Your IdP login page opens. Enter your IdP username and password.
  3. The login page closes if you pass the validation. And a pass indicator is displayed in the front of the IdP name.

    If you fail the validation, a failure indicator is displayed.

  4. After you pass the validation, click Enable SSO.

    Once SSO authentication is enabled, it cannot be disabled.

Back to top

Send validation URL to IdP users for validation

In addition to validating an IdP in the SSO configuration Tool, you can also copy the validation URL and send it to IdP users to let them validate the IdP.

Note: In SaaS environment, you can only send the validation URL to IdP users for SSO validation.

  1. Click the IdP name, and click Copy Validation URL in the bottom.
  2. In the Copy Validation URL window, click the copy link icon ().
  3. Send the link to IdP users for validation.

    When the IdP users open the link, they will be redirected to the IdP login page. After entering the IdP username and password, they will be redirected to a page that tells whether or not the validation succeed, and if not, what the reasons are.

    If email notification is enabled, the specified site admin users will receive emails about who accessed the SSO validation URL. For details, see Step 6: Validate IdP.

Back to top

Enable SSO without validating IdP

If you enabled local authentication, you do not have to validate the IdP. You can directly enable SSO.

Before you directly enable SSO, we recommend you do either of the following:

  • Set your IdP ID to "local" if you are not mapped to an IdP user yet.
  • Set your IdP ID to a real IdP name if you are already mapped to an IdP user.

Otherwise, after you enable SSO, no one is able to access ALM if SSO fails to work and if none of the other site administrator users have set their IdP IDs to "local" or real IdP names.

Back to top

FAQ

Back to top

Next steps: