Configuring the Identity Provider for the SAML Integration
This section describes the information you need to configure your identity provider (IdP) product for the SAML integration.
Note the following requirements:
-
IdP services must support SAML 2.0. In particular IdP services must support Redirect/POST bindings, and POST responses containing the SAML authentication assertion must be digitally signed.
-
IdP services must allow custom assertions.
-
SAML assertion encryption is optional, but should be used.
-
Make sure you review the best practice guidelines before deploying SAML SSO on your SuiteProjects Pro account or changing over to a new identity provider (IdP) — See SAML Deployment Best Practice Guidelines.
The following IdP configuration steps are required before SAML authentication assertions can be exchanged between the IdP and the SuiteProjects Pro service provider (SP). Specific IdP products may require custom configuration — refer to the IdP product documentation for details.
-
Import the SuiteProjects Pro service provider (SP) metadata — See SuiteProjects Pro SAML Metadata.
-
Configure the assertion attributes required by the SuiteProjects Pro SP — Either of the attribute
NameIDoruser_nicknamemust be included in the SAML assertion. See SAML Assertion Attributes. -
Download the IdP metadata XML file — You will need to upload the IdP metadata XML file when configuring SuiteProjects Pro to work with the IdP service, or when you need to update the metadata (after a new security certificate for your IdP service, for example).
SuiteProjects Pro SAML certificates on sandbox and production environments have a finite lifetime. SuiteProjects Pro rotates SAML certificates that are about to expire. When SuiteProjects Pro rotates the SAML certificates you must update the SAML signing and encryption certificates for the SuiteProjects Pro service provider profile in your identity provider product. See Updating the SuiteProjects Pro SAML Signing and Encryption Certificates in the Identity Provider Configuration.
This guide includes steps to set up Microsoft Entra ID with SuiteProjects Pro SAML SSO. See Configuring Microsoft Entra ID for the SAML Integration.
The third party product setup steps are given for illustration purposes only. SuiteProjects Pro does not support specific identity provider products or product versions. Refer to the product documentation for your identity provider for detailed and updated instructions. For additional questions about setting up your identity provider, please contact the Support services for your identity provider product.