
ISG’s SAML SSO Guide 

Overview 

ISG’s SAML SSO for iMIS offers a Single Sign-On (SSO) process with one of the most popular open industry standard protocols: Security Assertion Markup Language (SAML). 

With SAML, a third-party application can securely authenticate users against iMIS and receive user data back after a successful login: iMIS becomes your source of login and authentication, the Identity Provider (IdP). 

How does SAML work? A trust relationship is established in advance by exchanging metadata between two entities: the Identity Provider (IdP, the owner of the user database) and the Service Provider (SP, the system requesting authentication information). The SP requests authentication of a user from the IdP. The IdP validates the user and returns authentication information to the SP in a SAML assertion. 

Workflows 

  • Identity Provider (IdP): iMIS site 
  • Service Provider (SP): Client or Vendor application 

Sign-In Workflow 

  1. User Workflow: An anonymous user starts on the Service Provider site and clicks a link that requires authentication. 
     Service Provider Workflow: The SP redirects to the IdP (IdP- or SP-initiated communication). 
  2. User Workflow: The anonymous user lands on the iMIS sign-in page and enters iMIS credentials. 
     Service Provider Workflow: The user is signed into the IdP. 
  3. User Workflow: The user lands on the Service Provider site and is signed into both iMIS and the Service Provider site. 
     Service Provider Workflow: The IdP SSO process passes the SAML Response to the SP via the POST method; the SP receives the user data and maintains the session. 

*If SP redirects to IdP and IdP already has a session, the user is redirected back to the SP without needing to sign in again. 
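The SAML Response that reaches the SP in step 3 of the sign-in workflow, and the checks an SP should run on it before trusting the NameID and attributes, as an added Python example (this is not ISG's or iMIS's code; the entity IDs, ACS URL, attribute names and the member's values are constructed placeholders, and signature verification is left to an XML-DSig library):

```python
import base64
from datetime import datetime, timezone
import xml.etree.ElementTree as ET  # prefer defusedxml.ElementTree on untrusted input

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Constructed sample Response, as the SP receives it (base64) in the SAMLResponse
# form field of the HTTP-POST binding. URLs and attribute names are placeholders.
SAMPLE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Destination="https://sp.example.org/acs">
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
  <saml:Assertion>
    <saml:Issuer>https://imis.example.org</saml:Issuer>
    <saml:Subject><saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">member@example.org</saml:NameID></saml:Subject>
    <saml:Conditions NotBefore="2000-01-01T00:00:00Z" NotOnOrAfter="2099-01-01T00:00:00Z">
      <saml:AudienceRestriction><saml:Audience>https://sp.example.org</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="FirstName"><saml:AttributeValue>Pat</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="LastName"><saml:AttributeValue>Lee</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()

def _ts(s):  # SAML timestamps are UTC ISO 8601 with a trailing Z
    return datetime.fromisoformat(s.replace("Z", "+00:00"))

def parse_saml_response(b64, acs_url, sp_entity_id, now=None):
    """Decode a SAMLResponse and check the assertion is for this SP and valid now.
    Signature verification is out of scope: verify the XML-DSig against the IdP
    certificate from its metadata BEFORE trusting anything returned here."""
    now = now or datetime.now(timezone.utc)
    root = ET.fromstring(base64.b64decode(b64))
    if root.tag != "{%s}Response" % NS["samlp"]:
        raise ValueError("not a SAML 2.0 Response")
    code = root.find("samlp:Status/samlp:StatusCode", NS)
    if code is None or code.get("Value") != "urn:oasis:names:tc:SAML:2.0:status:Success":
        raise ValueError("IdP did not report Success")
    if root.get("Destination") != acs_url:  # response must be addressed to our ACS URL
        raise ValueError("Destination is not this SP's ACS URL")
    a = root.find("saml:Assertion", NS)
    cond = a.find("saml:Conditions", NS) if a is not None else None
    if cond is None:
        raise ValueError("missing Assertion or Conditions (encrypted assertions unsupported)")
    if not (_ts(cond.get("NotBefore")) <= now < _ts(cond.get("NotOnOrAfter"))):
        raise ValueError("assertion outside its validity window")
    if sp_entity_id not in [x.text for x in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]:
        raise ValueError("assertion not addressed to this SP")
    nid = a.find("saml:Subject/saml:NameID", NS)  # the value the client chose: iMIS Email, ID or Username
    attrs = {at.get("Name"): [v.text for v in at.findall("saml:AttributeValue", NS)]
             for at in a.findall("saml:AttributeStatement/saml:Attribute", NS)}
    return {"name_id": nid.text, "name_id_format": nid.get("Format"), "attributes": attrs}
```

The audience check is what stops an assertion issued for one SP from being replayed against another SP that trusts the same iMIS IdP.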

Sign-Out Workflow 

  1. User Workflow: The signed-in user clicks sign out. 
     Service Provider Workflow: The SP redirects to the IdP; the SSO process signs the user out of the IdP and redirects back to the SP. 
  2. User Workflow: The user lands on the Service Provider site and is signed out of both the IdP and the SP. 
     Service Provider Workflow: The SP clears the user’s session. 

Setup Process 

Client 

  1. Send the Service Provider Metadata to ISG (Endpoint or XML File) 
  2. Define the value to be passed as the NameID attribute of the SAML Subject (iMIS Email, ID or Username field) 
  3. Provide the list of attributes to be included in the SAML Assertion (iMIS table/field) 

ISG 

  1. Create a new Client Application and SSO Page in iMIS 
  2. Create a new SAML Certificate and upload the PFX file with the certificate to ISG’s Client Portal 
  3. Create a new SAML SSO Integration entry in ISG’s Client Portal and complete the following fields: 
     • Service Provider: 
       • Metadata (Endpoint or XML File) 
     • Identity Provider: 
       • NameId Format 
       • Response Message Format 
       • Response Assertion Format 
     • Enable Login Request Tracing: 
       • Set to “Yes” during development and testing phases 
  4. Configure the SAML Assertion attributes 
  5. Send the Identity Provider Metadata to the client (Endpoint or XML File) 

Client 

  1. Import the Identity Provider Metadata in their system 

Requirements 

  • iMIS EMS Version or iMIS 2017. 
  • SAML version 2.0.