SAML Single Sign On Enablement
Enabling Single Sign On with Mirah via SAML 2
Getting Started
Setting up your SAML solution
Mirah will work with your IT team to set up your SAML solution. First, Mirah will send your team a metadata document with all relevant information. From there, your IT team will generate a metadata file for Mirah using your authentication service. Once that file is generated, send it back to Mirah, who will configure the SSO authentication between systems based on the generated metadata file.
The following information may be helpful for generating your metadata file:
Setting | Description |
IdP Metadata | The configuration details that allow your IdP to be validated when sending security assertions to Mirah. This should be provided by your IdP. This is not a certificate file, and should be an XML file. |
What should be used as the Name ID? | This is the ID sent by your IdP to identify which provider is being authenticated. (Default is email) |
Entity ID | Found in the metadata file provided by Mirah; should be a URL ending in "metadata" |
ACS URL | Found in the metadata file provided by Mirah; should be a URL ending in "consume" |
Security Requirements
Setting | Description |
SSL Requirements | All communication with the Mirah system must be over SSL with a minimum TLS version of 1.2 |
Encryption Requirements | Your SAML assertions must be encrypted with a minimum of SHA-256. |
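The settings and SSL requirement above can be checked before any files are exchanged. The following is an added example, not code supplied by Mirah: it reads the Entity ID and ACS URL from a service provider metadata file, compares them with the table, and confirms that a candidate IdP file is XML metadata and not a certificate. The host sp.example.invalid, the sample document and all function names are assumptions made for illustration, and the code assumes the file's root element is a single EntityDescriptor.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}

# Constructed sample: sp.example.invalid is a placeholder, not a real Mirah host.
# For files from an untrusted source, parse with defusedxml instead of ElementTree.
SAMPLE_SP = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.example.invalid/saml/metadata">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.invalid/saml/consume"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def sp_settings(xml_text):
    """Return the Entity ID and ACS URLs found in SP metadata."""
    root = ET.fromstring(xml_text)
    acs = [e.get("Location", "") for e in
           root.findall("md:SPSSODescriptor/md:AssertionConsumerService", NS)]
    return {"entity_id": root.get("entityID"), "acs_urls": acs}


def check_sp_settings(settings):
    """List mismatches against the values the settings table describes."""
    problems = []
    entity_id = settings["entity_id"] or ""
    if not entity_id.rstrip("/").endswith("metadata"):
        problems.append("Entity ID does not end in 'metadata'")
    if not settings["acs_urls"]:
        problems.append("no AssertionConsumerService found")
    for url in settings["acs_urls"]:
        if not url.rstrip("/").endswith("consume"):
            problems.append(f"ACS URL does not end in 'consume': {url}")
        if urlparse(url).scheme != "https":
            problems.append(f"ACS URL is not HTTPS: {url}")
    return problems


def is_idp_metadata(text):
    """True only for XML metadata with an IDPSSODescriptor, never a certificate."""
    try:
        root = ET.fromstring(text)
    except ET.ParseError:
        return False
    return root.find("md:IDPSSODescriptor", NS) is not None
```

An empty list from check_sp_settings means the values match the table. The scheme check only confirms HTTPS is used; the negotiated TLS version still has to be verified on the connection itself.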
Additional Reference Documentation
If you are using a widely used authentication solution for your institute, there are helpful guides available online that walk through the metadata generation process. Here are some of the most commonly used with Mirah:
Google - https://support.google.com/a/answer/60224?hl=en
Azure - https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/add-application-portal-setup-sso
Okta - https://developer.okta.com/docs/guides/build-sso-integration/saml2/main/#prepare-your-integration