SAML Setup Guide for the iGrafx Identity Solution
What is SAML2?
SAML stands for Security Assertion Markup Language and is used to provide Single Sign-On (SSO) services to end users. It is used as a data exchange format between Service Providers (web applications that require their users to be authenticated) and Identity Providers (web applications that provide the required authentication). The iGrafx Identity solution acts as a Service Provider (SP) in this scenario, while your Azure AD, ADFS server or Okta instance acts as an Identity Provider (IDP).
SAML Flow with the iGrafx Identity Solution
Requirements
SAML 2.0 compatible Identity Provider
NameID format is email address
General Basic SAML configuration
For Europe/EMEA
Identifier (Entity ID of the Service Provider):
https://id.igrafxcloud.eu/realms/igrafx
The specific Reply URL for your iGrafx Process360 Live will be provided to you by iGrafx.
ACS/Reply URL:
https://id.igrafxcloud.eu/realms/igrafx/broker/YourTenant-idp-1/endpoint
Sign on URL:
https://YOUR_SUBDOMAIN.igrafxcloud.com
Rest of the World/NA
Identifier (Entity ID of the Service Provider):
https://id.igrafxcloud.com/realms/igrafx
The specific Reply URL for your iGrafx Process360 Live will be provided to you by iGrafx.
ACS/Reply URL:
https://id.igrafxcloud.com/realms/igrafx/broker/YourTenant-idp-1/endpoint
Sign on URL:
https://YOUR_SUBDOMAIN.igrafxcloud.com
SAML IDP Initiated SSO
IDP-initiated SSO is available in preview. To use this feature, add an additional ACS/Reply URL to your SAML application and configure the application to use this new URL for IDP-initiated SSO (generally by setting it as the default ACS/SSO URL).
The additional URL is built by copying the YourTenant-idp-1 part of your Reply URL and appending it as /clients/YourTenant-idp-1 to the end of your existing ACS/Reply URL. Depending on your region, your two URLs would look like this:
https://id.igrafxcloud.com/realms/igrafx/broker/YourTenant-idp-1/endpoint
https://id.igrafxcloud.com/realms/igrafx/broker/YourTenant-idp-1/endpoint/clients/YourTenant-idp-1
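The derivation above can be checked before the values are entered into the IDP. The following is an added example, not iGrafx code: it validates a Reply URL against the hosts and path layout shown in this guide and derives the Entity ID and the IDP-initiated URL. The function name derive_sp_settings and the allowed alias characters are assumptions.

```python
import re
from urllib.parse import urlsplit

# Hosts and realm path as listed in this guide (EMEA and Rest of the World/NA).
KNOWN_HOSTS = {"id.igrafxcloud.eu", "id.igrafxcloud.com"}
# Assumption: the tenant alias uses only letters, digits, '.', '_' and '-'.
BROKER_PATH = re.compile(r"^/realms/igrafx/broker/([A-Za-z0-9._-]+)/endpoint$")


def derive_sp_settings(reply_url: str) -> dict:
    """Validate the Reply URL supplied by iGrafx and derive the related values."""
    parts = urlsplit(reply_url.strip())
    if parts.scheme != "https":
        raise ValueError("Reply URL must use https")
    # An exact host match rejects look-alikes such as id.igrafxcloud.com.example.
    if parts.hostname not in KNOWN_HOSTS or parts.port is not None:
        raise ValueError(f"unexpected host: {parts.netloc!r}")
    if parts.query or parts.fragment or parts.username:
        raise ValueError("Reply URL must not carry a query, fragment or credentials")
    match = BROKER_PATH.match(parts.path)
    if not match:
        raise ValueError("path is not /realms/igrafx/broker/<alias>/endpoint")
    alias = match.group(1)
    base = f"https://{parts.hostname}"
    return {
        "entity_id": f"{base}/realms/igrafx",
        "acs_url": f"{base}{parts.path}",
        # IDP-initiated SSO: append /clients/<alias> to the existing Reply URL.
        "idp_initiated_acs_url": f"{base}{parts.path}/clients/{alias}",
    }


if __name__ == "__main__":
    # Placeholder tenant alias taken from the examples in this guide.
    url = "https://id.igrafxcloud.com/realms/igrafx/broker/YourTenant-idp-1/endpoint"
    for key, value in derive_sp_settings(url).items():
        print(f"{key}: {value}")
```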
Identity Provider Guides
You cannot use Single Sign-On with your iGrafx Desktop client (Flowcharter Product).
To connect with your Process Design app, use the API authentication method.