SAML SSO Configuration

JFrog Platform Administration Documentation

  1. Log in to the system with administrator privileges.

  2. In the Administration module, go to Authentication Providers | SAML SSO.

  3. Enable the SAML integration by checking the Enable SAML Integration checkbox.

  4. Enable or disable Auto Create Artifactory Users (Using SAML login). If enabled, new users will persist in the database.

  5. Enable or disable Allow Created Users Access to Profile Page. If enabled, users will be able to access their profile without having to provide a password.

  6. Provide the SAML Login URL and SAML Logout URL.

    SAML Logout URL

    To log out from your SAML provider and the JFrog Platform simultaneously, you need to correctly set your provider's logout URL in the SAML Logout URL field. Setting this incorrectly will keep your users logged in with the SAML provider even after they log out from the system.

  7. Provide the service provider name (the Platform name in the SAML federation).

  8. Provide the X.509 certificate that contains the public key. The public key can use either the DSA or RSA algorithms. The Platform uses this key to verify SAML response origin and integrity. Make sure to match the embedded public key in the X.509 certificate with the private key used to sign the SAML response.

Custom URL base

For your SAML SSO settings to work, make sure you have your Custom Base URL configured (see General System Settings).

Signed and encrypted Assertions

Make sure your SAML IdP (Identity Provider) provides a signed login Assertion. This is mandatory for the Assertion verification by the Platform.

Signed Logout is currently not supported by the Platform.

SAML SSO Setting

Description

Enable SAML Integration

When selected, SAML integration is enabled and users may be authenticated via a SAML server.

SAML Login URL

The SAML login URL.

SAML Logout URL

The SAML logout URL.

SAML Service Provider Name

The SAML service provider name. This should be a URI that is also known as the entityID, providerID, or entity identity. See the SAML v2 specification.

Use Encrypted Assertion

When set, an X.509 public certificate will be created by Artifactory. Download this certificate, upload it to your IdP, and choose your own encryption algorithm. This process will let you encrypt the assertion section in your SAML response.

SAML Certificate

The X.509 certificate that contains the public key.

Auto Associate Groups

When set, in addition to the groups the user is already associated with, they will also be associated with the groups returned in the SAML login response.

Note that the user’s association with the returned groups is not persistent. It is only valid for the current login session in the browser (i.e. this will not work for logins using the SAML user id and API Key).

Also, the association will not be reflected in the UI's Groups settings page. Instead, you can see this by enabling the SAML logger in your $ARTIFACTORY_HOME/var/etc/artifactory/logback.xml file as follows:

<logger name="org.artifactory.addon.sso.saml">
    <level value="debug"/>
</logger>

Group Attribute

The group attribute in the SAML login XML response. Note that the system will search for a case-sensitive match to an existing group.

Email Attribute

If Auto Create Artifactory Users is enabled or an internal user exists, the system will set the user’s email to the value in this attribute that is returned by the SAML login XML response.

Auto Create Artifactory Users

When set, the system will automatically create new users for those who have logged in using SAML, and assign them to the default groups.

Allow Created Users Access To Profile Page

When selected, users created after authenticating using SAML will be able to access their profile. This means they are able to generate their API Key.

If Auto Create Artifactory Users is enabled, once logged in to the system, users can set their password for future use.

Auto Redirect Login Link to SAML Login

When checked, clicking on the login link will direct the users to the configured SAML login URL.

Verify Audience Restriction

A verification step, performed against the SAML server, that validates SAML SSO authentication requests. The verifyAudienceRestriction attribute for SAML SSO is set by default in the JFrog Platform for new Artifactory installations. When upgrading from a previous Artifactory release, this parameter is disabled only if SAML was already configured.
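
An added example, not JFrog's code: a Python pre-flight check that reads a decoded SAML login response captured from your IdP and compares it with the settings in the table above (Service Provider Name, Group Attribute with its case-sensitive match, Email Attribute, and whether the assertion carries a signature). The sample response, the attribute names `groups` and `email`, and the group names are constructed; the check assumes the audience your IdP issues is the SAML Service Provider Name, and it only detects a signature element without verifying it.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
ATTR = "saml:AttributeStatement/saml:Attribute[@Name='{}']/saml:AttributeValue"

# Constructed sample: a decoded login response with the signature body elided.
SAMPLE_RESPONSE = """\
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <saml:Assertion>
    <ds:Signature/>
    <saml:Conditions>
      <saml:AudienceRestriction>
        <saml:Audience>https://artifactory.example.test</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="groups">
        <saml:AttributeValue>Readers</saml:AttributeValue>
        <saml:AttributeValue>dev-team</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="email">
        <saml:AttributeValue>alice@example.test</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>
"""

def texts(node, path):
    return [e.text.strip() for e in node.findall(path, NS) if e.text]

def preflight(response_xml, sp_name, group_attr, email_attr, platform_groups):
    """Compare one decoded SAML response with the configured SAML SSO settings."""
    assertion = ET.fromstring(response_xml).find("saml:Assertion", NS)
    if assertion is None:  # e.g. the IdP sent an encrypted assertion
        raise ValueError("no plaintext saml:Assertion in response")
    audiences = texts(assertion, "saml:Conditions/saml:AudienceRestriction/saml:Audience")
    groups = texts(assertion, ATTR.format(group_attr))
    return {
        "assertion_signed": assertion.find("ds:Signature", NS) is not None,  # presence only
        "audience_ok": sp_name in audiences,
        "matched_groups": [g for g in groups if g in platform_groups],  # case-sensitive
        "unmatched_groups": [g for g in groups if g not in platform_groups],
        "email": next(iter(texts(assertion, ATTR.format(email_attr))), None),
    }
```

Groups listed under `unmatched_groups` are ones the IdP returned that have no exact, case-sensitive counterpart among the group names passed in, so Auto Associate Groups would not pick them up.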