Configuration Instructions for other IdPs
If your Identity Provider is not listed as an Identity Provider that has been tested with eCase, consult your IdP's documentation for specific details to perform the steps below:
- Once signed into eCase, go to the More menu on the eCase menu bar and click on the drop down arrow.
- Select the SAML Settings link under the Settings column. The SAML Settings page appears.
- The first step is to configure your IdP to recognise eCase as a Service Provider. Copy the SP Endpoint URL and SP Entity ID values. If the SP Entity ID is not compatible with your IdP, change the value on the eCase SAML Settings page.
- The next step is to configure eCase to recognise your IdP. In the IdP Endpoint URL field, enter the URL that eCase will use to initiate the Single Sign On process.
If your IdP exposes different URLs for different SAML bindings, use the URL for the HTTP-Redirect binding. eCase does not support any other bindings (such as HTTP-POST).
TIP This may be referred to as the SAML Request endpoint.
- In the IdP Entity ID field, enter the entity ID for your IdP.
- In the IdP X.509 Certificate field, enter the X.509 certificate your IdP uses to sign SAML responses.
NOTE Use PEM (or Base64) encoding when extracting the certificate from your IdP.
- Ensure you configure your IdP to send the following user attributes in the SAML Response:
| Attribute Name | Value |
| --- | --- |
| SAML Response NameID or http://schemas.xmlsoap.org/ws/2005/05/identity/cla... | Unique, immutable ID for the user |
| http://schemas.xmlsoap.org/ws/2005/05/identity/cla... | User's email address |
| http://schemas.xmlsoap.org/ws/2005/05/identity/cla... | User's first name |
| http://schemas.xmlsoap.org/ws/2005/05/identity/cla... | User's last name |
Most IdPs will allow you to configure the immutable user ID as the Name ID on the SAML Response. If your SAML response includes a "nameidentifier" attribute in addition to the Name ID, this will be used by eCase instead.
NOTE It is your responsibility to ensure that the Name ID is a unique, unchanging identifier for an individual user. eCase will create a duplicate account for a user if their Name ID changes.