Symbio SSO

Checklist

The following checklist aids you in collecting all necessary data to get started with setting up SAML for Symbio.

If you can answer every question with Yes, your infrastructure is Ready for Symbio SSO.

Question	Answer
Symbio and IdP both reachable by browser?	☐ Yes ☐ No
SAML 2.0-compliant IdP available?	☐ Yes ☐ No
SSO HTTP-REDIRECT endpoint supported?	☐ Yes ☐ No
POST to ACS endpoint supported?	☐ Yes ☐ No
SHA-256 signatures supported?	☐ Yes ☐ No
IdP Metadata XML file available?	☐ Yes ☐ No
Metadata contains trustworthy certificate?	☐ Yes ☐ No
(If on premise) Symbio installed on HTTPS binding?	☐ Yes ☐ No
If targeting Azure AD: Are you using Azure AD Premium	☐ Yes ☐ No

Please provide the IdP Metadata XML file to Ploetz + Zeller GmbH to get your Cloud instance of Symbio configured for SSO.

Additional Question	Answer (needed by P+Z for Cloud setups)
Claim Type users are identified by?	(UPN preferred)
Claim Type used for group membership?	(Group preferred)

If these answers diverge from the desired claim types, a custom claims mapping needs to be added.

The following data is most likely needed to setup your IdP:

Element	Value
Initiated By	Service Provider (IdP-initiated not supported)
SP Entity ID	http://symbioworld.com/web
SSO Service	Expect HTTP-REDIRECT
AuthnRequest	Expect Unsigned
ACS Type	Set to HTTP-POST
Response	Set to Signed
SP URL	Symbio Root URL (Cloud: provided by P+Z)
ACS URL	Symbio Root URL + "/AuthServices/Acs"
Minimal Claims	(see below)

UPN (upn: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn)
Last Name (surname: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname)
First Name (givenname: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname)
E-Mail (emailaddress: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress)
Group (group: http://schemas.xmlsoap.org/claims/Group)

If your claims diverge from this list, please provide P+Z with a list of transmitted claims.