Edit an IdP authentication source

Managing authentication sources > SAML 2.0 supported IdP > Editing authentication sources > IdP Edit page > Edit an IdP authentication source

Edit an IdP authentication source

From the navigation bar, click Applications.
The Authentication Sources page opens.

Use this page to set up and manage the authentication sources for your Single Sign-On experience. The available authentication sources are listed in the grid. You can easily identify the authentication source(s) you are using by looking at the Enabled column. Yes indicates an authentication source is enabled and in use. No indicates the authentication source is not in use. More than one authentication source can be enabled.

If more than one authentication source is enabled, a user is prompted for an authentication source selection when logging in. You can set an advanced setting (Save Authentication Source Selection) to allow the initial authentication source selection to be remembered via a cookie.

You can learn more about the different authentication sources in the Managing authentication sources topic.

Buttons, links, and options

Click to edit an authentication source.

Opens the Add Authentication Source page so you can define your IdP. There are several methods you can use to define your IdP. Refer to Adding IdP authentication sources for details.

Click this button to manage claims. This button only appears after a SAMLResponse is received from the IdP. Life Suite Authentication does not know about what claims assertions are coming from the IdP until it has received that first SAMLResponse feed.

Note: This button only applies to IdP authentication sources not Life Suite Login or Global GetSession authentication sources.
In the grid beside an IdP authentication source, click .
The IdP Edit page opens.

Use this page to make changes an IdP authentication source. The settings you can edit depend on how the IdP was set up. When you access this page, if a setting is grayed out, it is not editable.

If the IdP was generated from a metadata URL, you can only manage these settings: Enabled, IdP Description, IdP Name, and Metadata URL.

If the IdP was generated from a metadata file, you can only manage these settings: Enabled, IdP Description and IdP Name.

To update an existing metadata file generated IdP, you can re-upload the file. If the EntityId is the same, it will update the existing IdP instead of generating a new IdP.

Settings

Enabled

If set to Yes, Life Suite Login is recognized by Life Suite Authentication as a valid authentication source. This does not necessarily mean that this authentication source is fully functional. Additional configuration may be required. If multiple authentication sources are enabled, an unauthenticated user is presented with a choice of all authentication sources.

If set to No, the authentication source is not enabled.

EntityId

The unique name/entity of the IdP.

Note: Also referred to as audience or audience restriction by some IdPs.

Encryption Certificate

The public encryption certificate from your identity provider. Click Browse to find and upload.

Signing Certificate

The public signing certificate from your identity provider. Click Browse to find and upload.

Metadata File

The metadata file for the authentication source. This is shown if the IdP was created from a file (not editable).

Metadata URL

The metadata URL for the authentication source. This is shown if the IdP was generated from a URL (editable).

IdP Description

Enter the name or label presented to users for selection when multiple authentication sources are enabled.

Tip: Use a descriptive name that makes it clear which IdP applies to a user.

IdP Name

The name or label used within Life Suite Authentication to refer to the authentication source/IdP.

Logout Binding

The binding the IdP uses for logout messages.

Note: An IdP's binding can be different than Life Suite Authentication's binding.

Logout Service URL

The URL that Life Suite Authentication calls to complete a single logout (SLO) scenario.

Sign-on Binding

The binding the IdP uses for sign-on messages.

Note: An IdP's binding can be different than Life Suite Authentication's binding.

Sign-on Service URL

The IdP that Life Suite Authentication routes to for authentication.

Note: Also referred to as the Post Back URL, Destination URL, Recipient URL, or SAML Consumer URL by some IdPs.
Make changes as necessary.
Tip: Not every setting is editable. It depends on how the IdP was set up. Grayed out settings are not editable.
Click Save.