Providing remote metadata for a SAML Single Sign On installation

The metadata for Single Sign On via SAML can be provided in two ways: it can be uploaded to the platform itself, or provided as an HTTPS URL from which the metadata can be downloaded. This article explains the benefits of remote metadata and the requirements for both the iGrafx Cloud and on-premises (Datacenter) installations.

Benefits

SAML metadata files contain certificate information that can expire. They also contain information that may change as you change settings in your Identity Provider's configuration. When you provide iGrafx with your remote metadata URL, your iGrafx Platform periodically gets the latest version of your metadata, including any updated certificates. This reduces manual maintenance steps by IT and iGrafx Support.

Cloud Configuration

Requirements

Your metadata URL needs to be an HTTPS URL that is publicly reachable from the internet. Metadata files do not normally reveal sensitive information.

Step-by-step guide

  1. Retrieve the metadata URL from your Identity Provider (steps vary by provider)
  2. Send the metadata URL to iGrafx Support via the ECHO Support Desk
  3. iGrafx Support will update the configuration and schedule a one-time platform restart to apply the change
  4. Your iGrafx Cloud platform now uses the remote metadata, which the Identity Provider can update, for SAML SSO

Datacenter Configuration

Requirements

Your metadata needs to be available at a URL that can be reached from the server that is running the iGrafx Platform.

Step-by-step guide

  1. Retrieve the metadata URL from your Identity Provider (steps vary by provider)
  2. Edit the igrafx.properties file in your igrafxdata installation folder and add the line

    igrafx.usercentral.saml.metadataurl=YOUR_METADATA_URL

  3. If the metadata URL is https, which it usually is, you might have to download the website's certificate in X.509 format and import it into your SAML Keystore using the following command

    keytool -import -alias ALIAS_FOR_IDP -file YOUR_IDP_CERTIFICATE_FILE.cer -keystore samlKeystore.jks

  4. Restart the iGrafx Platform service
  5. Your iGrafx platform now uses the remote metadata, which the Identity Provider can update, for SAML SSO
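Before sending the metadata URL to iGrafx Support or adding it to igrafx.properties, it helps to check what the URL actually serves. The following is an added example, not iGrafx code: it inspects a metadata document you have already downloaded, flags a non-https URL, an expired `validUntil` or a non-https SSO endpoint, and lists the SHA-256 fingerprints of the signing certificates so they can be compared with the values shown in your Identity Provider's console. The function name, the `idp.example.com` URLs and the sample document are constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET
from datetime import datetime, timezone
from urllib.parse import urlparse

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD, "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample: hypothetical IdP, placeholder bytes instead of a real certificate.
SAMPLE_DER = b"constructed placeholder, not a real certificate"
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{MD}" xmlns:ds="{NS['ds']}"
    entityID="https://idp.example.com/saml" validUntil="2030-01-01T00:00:00Z">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{base64.b64encode(SAMPLE_DER).decode()}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Location="http://idp.example.com/sso"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def inspect_metadata(url, xml_text, now=None):
    """Summarise IdP metadata served at url: entity ID, signing fingerprints, problems."""
    now = now or datetime.now(timezone.utc)
    root = ET.fromstring(xml_text)  # on fetched input, prefer a hardened parser (e.g. defusedxml)
    if root.tag != f"{{{MD}}}EntityDescriptor":
        raise ValueError("root element is not md:EntityDescriptor")
    report = {"entity_id": root.get("entityID"), "signing_sha256": [], "problems": []}
    if urlparse(url).scheme != "https":
        report["problems"].append("metadata URL is not https")
    if root.get("validUntil"):
        expiry = datetime.fromisoformat(root.get("validUntil").replace("Z", "+00:00"))
        if expiry.tzinfo is None:  # SAML timestamps are UTC
            expiry = expiry.replace(tzinfo=timezone.utc)
        if expiry <= now:
            report["problems"].append(f"metadata expired at {expiry.isoformat()}")
    for kd in root.findall("md:IDPSSODescriptor/md:KeyDescriptor", NS):
        if kd.get("use") in (None, "signing"):  # no 'use' means signing and encryption
            for cert in kd.iterfind(".//ds:X509Certificate", NS):
                der = base64.b64decode("".join((cert.text or "").split()))
                report["signing_sha256"].append(hashlib.sha256(der).hexdigest())
    if not report["signing_sha256"]:
        report["problems"].append("no signing certificate in IDPSSODescriptor")
    for sso in root.findall("md:IDPSSODescriptor/md:SingleSignOnService", NS):
        if urlparse(sso.get("Location", "")).scheme != "https":
            report["problems"].append(f"SSO endpoint not https: {sso.get('Location')}")
    return report
```

A changed fingerprint between two runs means the Identity Provider has rotated its signing certificate, which is the update the remote metadata URL is meant to deliver automatically.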