Assertiv supports many applications out of the box. However, you may come across an application that is not supported or, if it is supported, cannot be customized to your requirements. In these scenarios, the Custom SAML2 Application template may give you the flexibility you need.
This connector will require a working understanding of SAML 2.0. There is terminology which may be unfamiliar to those who are using SAML 2.0 for the first time.
Configuring a Custom SAML2 Application
Log into your Assertiv Organization (https://<your-org>.assertiv.com) as an Admin user and select the App Config dashboard tile.
Select the plus (+) button to create a new App config.
Select the Custom SAML2 Application icon. It will always be the first application on this page.
The following page will have numerous configuration options. These options are described individually in the following sections.
If you have been provided the SAML 2 metadata from your Service Provider, you can use the Load Metadata button to pre-fill some fields.
Note: This has been built as a convenience method and should not be relied on for complete configuration.
The following section has several fields which may require information to be provided.
Service Provider Name: This is the name of the application you are setting up. This value will be used as a label in application listings for your organization.
Signing Certificate: The certificate is used to create a trust between Assertiv and your Service Provider. For advanced users, if you have created a certificate you wish to use, select it here. Otherwise (or if you are unsure) you can select "-- Generate New Signing Certificate --".
Name ID Attribute: This user attribute is what will be used in the NameID section of the SAML assertion which is generated by Assertiv. This is typically a username or email address.
Default Relay State: If your service provider requires a default relay state, this value can be provided here.
Service Provider Name Qualifier: A reference to a service provider or organization that can qualify a SAML name.
Audience URI: A reference to the service provider or specific destination audience for SAML assertions generated by Assertiv for this application.
Some service providers may require additional information to be provided about a user such as given name, surname, email address and role information.
It is best to check with the Service Provider (or their metadata) for what is required in an attribute statement.
In the above example, we are including a User.Email attribute which maps to the authenticated user's Email Address in Assertiv.
Click Add New Attribute to add more attributes to the attribute statement. An option is also available to set a static/constant value, if that is required by the Service Provider.
If you wish to remove an attribute from the attribute statement, click the icon in the corner of the attribute's panel.
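Because Load Metadata is only a convenience and the Service Provider's metadata is where the required attributes are listed, the following added example (not Assertiv code) parses an SP metadata document with Python's standard library and lists the values to check against the form: the entityID (commonly used as the Audience URI), the ACS endpoints, the NameID formats and the requested attributes. The sample metadata, the sp.example.com URLs and the function name are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}

# Constructed sample Service Provider metadata (all values are made up).
SAMPLE_SP_METADATA = """<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.example.com/saml/metadata">
  <md:SPSSODescriptor WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:AssertionConsumerService index="0" isDefault="true"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.com/saml/acs"/>
    <md:AttributeConsumingService index="0">
      <md:ServiceName xml:lang="en">Example SP</md:ServiceName>
      <md:RequestedAttribute Name="User.Email" isRequired="true"/>
      <md:RequestedAttribute Name="User.Role"/>
    </md:AttributeConsumingService>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def summarize_sp_metadata(xml_text):
    """Return the values an admin should compare against the app config form."""
    # SAML metadata never needs a DTD; refuse it so entity declarations are not parsed.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD/entity declarations are not allowed in SAML metadata")
    root = ET.fromstring(xml_text)
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        raise ValueError("no SPSSODescriptor: this is not Service Provider metadata")
    acs = [(e.get("Binding"), e.get("Location"))
           for e in sp.findall("md:AssertionConsumerService", NS)]
    attrs = {e.get("Name"): e.get("isRequired", "false") in ("true", "1")
             for e in sp.iterfind(".//md:RequestedAttribute", NS)}
    return {
        "audience_candidate": root.get("entityID"),  # commonly the Audience URI
        "acs_endpoints": acs,
        "name_id_formats": [e.text.strip() for e in sp.findall("md:NameIDFormat", NS)],
        "want_assertions_signed": sp.get("WantAssertionsSigned", "false") in ("true", "1"),
        "requested_attributes": attrs,  # attribute name -> is it required?
    }


if __name__ == "__main__":
    for field, value in summarize_sp_metadata(SAMPLE_SP_METADATA).items():
        print(f"{field}: {value}")
```

Any attribute marked required in the output that is missing from the attribute statement, or a NameID format that does not match the chosen Name ID Attribute, is worth resolving with the Service Provider before saving.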
When your configuration is ready, click on Save to create the application.
After saving your SAML application, you are redirected to the configuration page. At the bottom of this screen you can view and export the metadata for this application.
This is always accessible from the edit service screen.
In order for your users to access your application from their Assertiv apps page, you must set up a role, assign users to the role, and give that role permission to access the application. This is required for testing the integration as well.
More details on roles can be found in the following articles
Accessing Your Custom Application
When you have completed the creation of the Custom SAML2 application and configured a role (and granted the role to users), the application should be available from the Apps page in Assertiv.