SAML Deployment Best Practice Guidelines

This section provides best practice guidelines for deploying SAML single sign-on (SSO) on your SuiteProjects Pro account.

• For an initial SAML deployment:

  • Test the SAML deployment on a sandbox account. Make sure it works as expected before you deploy SAML to your production account.

  • When you deploy SAML to your production account, only enable a small group of SuiteProjects Pro users to sign in using SAML SSO. Make sure it works as expected before you enable all users to login using SAML SSO.

• When changing over to a new identity provider (IdP):

  Test the new IdP configuration on a sandbox account. Make sure it works as expected before you change the IdP configuration on your production account. To discuss procuring a sandbox account for this purpose, contact your SuiteProjects Pro account manager.

• Always have at least one account administrator who can sign in to SuiteProjects Pro using password authentication. This will ensure an account administrator will be able to access your account in case there is an unexpected problem with SAML. If you enable a user to login using SAML SSO, this user can no longer use the default password authentication method to access SuiteProjects Pro.

• SuiteProjects Pro SAML certificates on sandbox and production environments have a finite lifetime. SuiteProjects Pro rotates SAML certificates that are about to expire. When SuiteProjects Pro rotates the SAML certificates, you must update the SAML signing and encryption certificates for the SuiteProjects Pro service provider profile in your identity provider product. See Updating the SuiteProjects Pro SAML Signing and Encryption Certificates in the Identity Provider Configuration.

  Note:

  Before SuiteProjects Pro rotates the SAML certificates, you will receive a proactive feature change notification (PFCN) with information about the dates when new certificates will become available and previous certificates are due to expire.