The Identity provider view

Use this view in Admin Center to specify identity provider settings for use with single sign-on.

To access this view in Admin Center: Log in as a partner administrator, navigate to the Identity providers view and click ADD.

Use this view in Admin Center to specify identity provider settings for use with single sign-on. The settings that appear vary depending on your selection in the Protocol setting.

Name The descriptive name of the identity provider as it appears in the Identity providers view and the Identity provider setting. This name does not have to match the actual name of the identity provider. If you use Open ID Connect as the Protocol and select Show on login page, this text appears on the login button.
Logout redirect address The URL that you want to redirect users to after they log out of Tungsten AP Essentials.
Protocol The protocol to use for authentication.
  • OpenID Connect
  • SAML 2.0 (Identity Provider Initiated)
OpenID Connect
Authority

The URL of the identity provider.

OpenID Connect authorities (identity providers) must be whitelisted before use. Contact support to request whitelisting.

Client ID The client ID provided by the identity provider.
Display on login page Determines whether a login button for this Identity provider appears on the Tungsten AP Essentials login page. The button appears under the normal login button.
SAML 2.0
Issuer The issuer of claims. This setting specifies the name of the system that issues single sign-on requests, and it must match the name specified in the identity provider. The Issuer can be, for example, "ExamplePartnerName", "urn:ExamplePartnerName", "https://example.com/" or any other value as long as it matches the value that is specified in the identity provider.
Response signature certificate A public certificate from the Issuer (required). This certificate is used to validate the response signature. Only certificates that are uploaded to the Resources view are available for selection.
Assertion signature certificate The certificate to use when validating assertion signatures (optional).
  • If no certificate is specified, Tungsten AP Essentials validates that the assertions are not signed.

  • If you specify a certificate here, Tungsten AP Essentials uses it to validate the assertion signature.

Grace period (seconds) Specifies the amount of time (skew time) in seconds that a SAML ticket is valid after it expires. In theory, an assertion ticket should not be valid after it expires, but sometimes you need a buffer because the clocks on different systems are not always synchronized exactly. In this case, you can specify a grace period to account for discrepancies between the clocks of different systems.