SAML 2.0 is the leading standard to implement single sign-on. Banyan integrates with your SAML Identity Provider, via the SAML 2.0 HTTP POST binding, to authenticate enterprise users that need access to Banyan secured services.
To set up this integration, you will need administrative access to your SAML Identity Provider and the ability to add a new SAML App.
1a. Navigate to Settings > TrustProvider Settings > Identity Provider and then set your User Identity Provider to SAML.
You will fill out these Identity Provider configuration fields after you set up the new application integration in SAML IDP.
1b. Take note of the Redirect URL (ACS) provided in the configuration field. You will need it for the steps in SAML IDP below.
When asked for Assertion Consumer Service (ACS) URL, SP SSO URL, or Recipient SSO URL in the SAML Identity Provider, use the Redirect URL you obtained in Step 1b above.
If you’re asked for the RP/SP Entity ID, use the Redirect URL as well.
NameID format in your IDP is set to Persistent; Banyan TrustProvider does not support other formats right now.
Banyan requires your IDP’s returned SAML assertion to contain attributes that can be mapped to a user’s Email, Username, and Groups.
Configure that mapping in this step, and take note of the names for the Email Attribute, Username Attribute, and Groups Attribute.
Allow Banyan to federate authentication of all users in your organization to your SAML IDP.
You still need to apply Policies in the Banyan Command Center to manage which users can access specific internal applications.
Note down the data you need to enter in the next step.
6a. Return to the Identity Provider page in the Banyan Control Center (Settings > TrustProvider Settings > Identity Provider) and enter the Banyan TrustProvider App parameters from your SAML IDP:
3b. Click Update Identity Provider Config to save the settings.
That’s it! You have successfully integrated your SAML IDP to manage your directory of users in Banyan.
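As an added example (not Banyan's code), the following Python check reads a captured SAML assertion and reports where it departs from the settings above: Persistent NameID, Recipient and Audience equal to the Redirect URL, and the three mapped attributes. The URL, attribute names and sample assertion are constructed placeholders; the check inspects layout only and does not verify the assertion's signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"

# Constructed values: substitute the Redirect URL (ACS) from Step 1b and the
# attribute names you noted when configuring the mapping in your IDP.
REDIRECT_URL = "https://trust.example.invalid/v2/callback"
REQUIRED_ATTRS = {"Email": "email", "Username": "username", "Groups": "groups"}

# Constructed sample assertion (unsigned, for illustration only).
SAMPLE = f"""<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject>
    <saml:NameID Format="{PERSISTENT}">a1b2c3</saml:NameID>
    <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml:SubjectConfirmationData Recipient="{REDIRECT_URL}"/>
    </saml:SubjectConfirmation>
  </saml:Subject>
  <saml:Conditions><saml:AudienceRestriction>
    <saml:Audience>{REDIRECT_URL}</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="email"><saml:AttributeValue>a@example.invalid</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="username"><saml:AttributeValue>alice</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="groups"><saml:AttributeValue>eng</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

def check_assertion(xml_text, redirect_url=REDIRECT_URL, attrs=REQUIRED_ATTRS):
    """Return a list of configuration problems; an empty list means no mismatch."""
    root = ET.fromstring(xml_text)
    problems = []
    name_id = root.find(".//saml:NameID", NS)
    if name_id is None or name_id.get("Format") != PERSISTENT:
        problems.append("NameID format is not Persistent")
    scd = root.find(".//saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != redirect_url:
        problems.append("Recipient does not match the Redirect URL (ACS)")
    audiences = [a.text for a in root.findall(".//saml:Audience", NS)]
    if redirect_url not in audiences:
        problems.append("Audience does not match the Entity ID (Redirect URL)")
    present = {a.get("Name") for a in root.findall(".//saml:Attribute", NS)}
    for label, name in attrs.items():
        if name not in present:
            problems.append(f"missing {label} attribute '{name}'")
    return problems
```

Run it against an assertion captured from a test login before rolling the integration out to users; a missing Groups attribute is easy to overlook until policies fail to match.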