Basic workflow for setting up the service

Use this basic workflow for setting up the SAML IdP Service. Most of the workflow occurs on the Supervisor station. However, there are a few steps that must be completed on the remote station(s).

On the Supervisor station

The platform must be licensed for samlDP.

  1. Install the SAML IdP Service.
  2. Configure properties for the SAML IdP Service.
  3. Configure the Circle Of Trust (COT).
    1. Add subordinate stations.
    2. Add users.
    3. Specify any additional authentication schemes that may be used when logging in.
       NOTE: This is necessary only to add users that do not yet exist in the Supervisor, such as LDAP users. 
    4. Specify the names of the user prototypes for all of the users that are included in this COT. These are the names of the prototypes that already exist in the subordinate station(s).
  4. Configure the subordinate station(s) for SAMLIdPService by running a provisioning job with this step: Configure Niagara IdP & Saml Scheme.

On each Subordinate Station

  1. Set up User Prototypes. These will be used as templates to create the users upon login to the station.
  2. A signing certificate (a server certificate with both public and private keys) is required. The provisioning job that runs on the Supervisor generates the necessary certificate.
  3. The SAML Authentication Scheme must be installed and configured. The provisioning job that runs on the Supervisor creates the necessary scheme.