SAML SSO settings
In the Administration settings > SAML SSO integration tab, you can enable single sign-on (SSO) to UFT Mobile. This way, users can use one set of credentials for logging into UFT Mobile, as they do for logging into other SSO applications in their organization.
Note: When configuring UFT Mobile to work with SAML SSO, the connection to UFT Mobile must be over SSL. For details, see UFT Mobile - Windows Installation (on-premises) or UFT Mobile - Linux Installation (on-premises).
Set up the SAML SSO integration
UFT Mobile supports single sign-on via SAML 2.0. SAML (Security Assertion Markup Language) is an XML-based standard for exchanging authentication and authorization data between an identity provider (IdP) and a service provider, such as UFT Mobile.
To enable SAML SSO integration, you need to add UFT Mobile to your Identity Provider (IdP). Refer to your Identity Provider documentation for instructions on how to configure your IdP for a new SAML 2.0 application. You will need information (metadata) about UFT Mobile when configuring your IdP. Download this by clicking the DOWNLOAD UFT Mobile METADATA link.
You will also need to add the following information from your IdP to UFT Mobile, so that SAML-based authentication requests can be sent to your IdP:
| Setting | Description |
| --- | --- |
| IdP SAML metadata | This can be a URL, or you can copy and paste the contents of the IdP metadata .xml file into this field. |
| Administrator login name | This is a user, defined in the IdP, that will be granted UFT Mobile administrator permissions. Initially, only this user will be able to access the Administration menu. |
| Username attribute identifier | User attributes are information used to identify individual users. In this field, provide the SAML attribute name for the username attribute that the IdP uses for identification on sign in. Depending on how you configured your IdP, the username attribute for signing in can be an email address, or a unique user name. Tip: Find the attribute identifier in the AttributeStatement section of the IdP SAML response. Look for the SAML attribute name with a value that equals the attribute that the IdP uses for identification on sign in. For example, if email address is used for authentication of users against the IdP, the identifier in the example below is http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress. Alternatively, use {$id} to take the username from the subject of the SAML assertion, and not from the Attribute section. |
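The lookup described in the Tip can be scripted. The following is an added example, not part of the UFT Mobile documentation or product: it reads the AttributeStatement and Subject of a SAML response and reports which value to enter as the username attribute identifier. The function names and the sample response are constructed for illustration, and the code assumes you have a decoded, unencrypted copy of the response from your IdP.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: a decoded, unencrypted SAML response reduced to the
# parts that matter here. User and values are made up.
SAMPLE_RESPONSE = """\
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion>
    <saml:Subject><saml:NameID>jdoe</saml:NameID></saml:Subject>
    <saml:AttributeStatement>
      <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
        <saml:AttributeValue>jdoe@example.com</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname">
        <saml:AttributeValue>Jane</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>
"""

def read_identity_fields(xml_text):
    """Return (subject NameID, {attribute Name: [values]}) from a SAML response."""
    # Use defusedxml instead of ElementTree for XML from an untrusted source.
    root = ET.fromstring(xml_text)
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    subject = name_id.text.strip() if name_id is not None and name_id.text else None
    attributes = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS)]
        attributes[attr.get("Name")] = values
    return subject, attributes

def find_username_identifier(xml_text, login_value):
    """Return the value to enter as the username attribute identifier, or None."""
    subject, attributes = read_identity_fields(xml_text)
    matches = [name for name, values in attributes.items() if login_value in values]
    if len(matches) > 1:
        # Several attributes carry the login value; the administrator must pick one.
        raise ValueError("ambiguous attributes: " + ", ".join(matches))
    if matches:
        return matches[0]
    # No attribute matches: fall back to the assertion subject, written {$id}.
    return "{$id}" if subject == login_value else None

if __name__ == "__main__":
    print(find_username_identifier(SAMPLE_RESPONSE, "jdoe@example.com"))
```

A `None` result means the login value appears neither in an attribute nor in the subject, which usually indicates the IdP is not releasing that attribute to the application.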
After you have successfully defined the SSO settings, you will be prompted to log out and to log in again using your organization credentials.
Update settings
You can update the SSO integration settings if needed. When you update any of the settings, you will be prompted to log out and to log in again using your organization credentials. If you disable SAML SSO, you will need to use your UFT Mobile credentials to log in again.
Note: When you enable or disable the SSO setting, all existing users, excluding admin@default.com, will be deleted.
If you enabled SSO but cannot log in to UFT Mobile as an administrator, for example, because the administrator user was configured incorrectly, you can disable SAML SSO by running the User management script.
Note for UFT Mobile SaaS: The IdP must be accessible over the internet. Add the UFT Mobile SaaS address to your allowlist if needed.