Set up SAML authentication

Switch an authenticated environment Control Room database to a SAML identity provider (IDP).

Prerequisiti

Nota: SAML integration is irreversible. After it is in place, the configuration cannot be modified.

Ensure that you are logged in to the Control Room as the administrator.

Introducing credentials on a new system, before importing users, and other setup tasks might be required before setting up authentication for the Control Room. If users are imported, there must be matching user IDs, email addresses, first and last names, in both the Automation Anywhere credentials and matching records in order to log in after the SAML integration. For example, if using Okta as an SSO,users must have matching IDs, email addresses, first name and last names in both Automation Anywhere and Okta in order to log in after the SAML integration.

Have the necessary user information and certificate ready. Typical user information consists of userID, first and last name, and an email address.

Nota: The SAML IDP side setup must be validated before configuring the Control Room. See Configure the Control Room as a service provider.

After switching to SAML authentication environments, any users with non-SAML IDP formatted IDs will not be able to login. You will need ensure that any bots in their private folders are exported so they can be imported back against their new user accounts.

Much of this configuration is reliant upon third-party applications to create the necessary metadata. If you require more specific configuration information based on a specific provider, see Configure SSO authentication with Okta.

To switch the Control Room to a SAML-authenticated environment, follow the steps outlined in this procedure.

Procedura

Navigate to Administration > Settings > User authentication.
Select the Use SAML option.

Nota: The Use Control Room database option is selected by default.
In the SAML metadata field, enter the metadata from your SAML IDP setup.
```
<saml2:AuthnStatement AuthnInstant="authenticated_instance" SessionIndex="index_value_required">
```
Nota: The SessionIndex must be present in the AuthnStatement. This optional field in SAML is mandatory to integrate an IDP with Cloud Control Room.
In the Unique Entity ID for Control Room (Service Provider) field, enter the entity ID.

In the Encrypt SAML Assertions field, select one of the following options:

Opzione	Descrizione
Do not encrypt	SAML assertions are not encrypted.
Encrypt	SAML assertions are encrypted.

Opzionale: Enter the Public key and Private key values.

Nota: Enter keys only if you require encrypted SAML assertions.
Click Validate SAML Settings.
The Control Room will log in through the SAML provider and redirect back to the Control Room User Authentication page.

When you click this option, you will be redirected to a SAML 2.0 service provider web page where you will be prompted to enter credentials and other data.
Log in to your provider when prompted.
Click Save changes.

Automation 360