SAML¶

Start Configuration¶

1. Identity Provider: A platform that provides identity management services, used to manage user identities and authentication information. Define the name here.
2. Metadata Document: An XML document provided by the IdP.
3. Remarks: Custom-added descriptive information, used to record relevant explanations about the identity provider.
4. Access Restrictions: Verifies whether the login email domain suffix matches the configured domain. Only matching email addresses have access to the SSO login link. The first-time user can dynamically create a Guance member account without needing to create it in advance within the workspace.

5. Role Authorization: Assign roles to SSO accounts logging in for the first time; accounts logging in non-first times are unaffected.

   • If SAML Mapping is enabled within the workspace, roles will be assigned according to the mapping rules with priority.

6. Session Persistence: Set the idle persistence time and maximum persistence time for SSO login sessions. After timeout, the login session will become invalid.

For more information on role permissions, refer to Role Management.

Obtain Entity ID and Assertion Address¶

After successfully adding the identity provider, click the Update button on the right to obtain the Entity ID and Assertion Address, which can then be completed according to the SAML configuration requirements of the identity provider.

Session Persistence¶

When configuring SSO single sign-on, you can set a unified login persistence time for enterprise members logging in via SSO, including "idle login session persistence time" and "maximum login session persistence time".

• Idle login session persistence time: Supported range is 180～1440 minutes, default value is 180 minutes.
• Maximum login session persistence time: Supported range is 0～7 days, where 0 indicates never expiring, default value is 7 days.