Configure service provider settings
- Log in to the BlackBerry AtHoc management system as an Organization Administrator or Enterprise Administrator.
- Click .
- In the Users section, click User Authentication.
- On the User Authentication page, in the Assign Authentication Methods to Applications section in the Self Service or Management System section, click Configuration.
- In the Management system SSO configuration or Self Service SSO configuration window, scroll down to the Service Provider section.
- Configure the following General Settings:
  - Service Provider Name: Enter the name of the service provider that sends the SAML authentication request. Enter a name that is a minimum of three characters and a maximum of 512 characters. The following special characters are not allowed: `!?"<>!$%&^()={},;\:?"<>
  - Assertion Consumer Service URL: This field is pre-populated with the service provider's endpoint URL that receives the SAML from the identity provider. The assertion consumer service URL is appended with the organization code. For example:
    - Self Service URL: https://domain/SelfService/Account/NewSSO/organization-code
    - BlackBerry AtHoc management system: https://domain/Client/organization-code
  - Logout Service URL: This field is pre-populated with the URL of the service provider's endpoint that receives SAML log out messages. For more information, see SSO logout service.
  - Custom Logout URL: Optionally, enter a custom URL to redirect users to at logout.
  - Custom Logout Service Binding: Optionally, select POST or Redirect as the transport mechanism (SAML binding) to use when sending SAML authentication requests to the partner IDP. The default setting is POST.
- Configure the following Security Settings:
  - SAML Request Signature: Select Signed or Unsigned. When Signed is selected, SAML authentication requests received from the partner service provider must be signed. Receiving signed authentication requests is optional, but highly recommended.
  - If SAML Request Signature is set to Signed, select a Signature Algorithm. The default setting is RSA-SHA256.
- In the Certificate* section, do one of the following:
  - Select Use BlackBerry Certificate to use the signed BlackBerry certificate. A system administrator must upload a valid BlackBerry signed certificate for this option to appear.
  - Select Use Custom Certificate and click Import Certificate. On the Import Certificate window, enter a password and click Browse. Navigate to and select a valid certificate file. Click Import. Only .pfx and .p12 file types are supported.
- Click Apply.
- On the User Authentication page, click Save.
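After saving, a captured SAML authentication request can be compared with the settings chosen above. The following is an added example, not BlackBerry AtHoc code: it checks structurally (without verifying the signature cryptographically) that a request carries the expected assertion consumer service URL and an enveloped signature using RSA-SHA256. The POST binding, the host name, the organization code and all function names are assumptions.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
RSA_SHA1 = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"

def check_authn_request(xml_text, expected_acs_url, expected_alg=RSA_SHA256):
    """Return a list of findings; an empty list means the request matches."""
    if "<!DOCTYPE" in xml_text:
        return ["DTD present; refusing to parse"]
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}AuthnRequest" % NS["samlp"]:
        return ["root element is not samlp:AuthnRequest"]
    findings = []
    acs = root.get("AssertionConsumerServiceURL")
    if acs != expected_acs_url:
        findings.append("ACS URL mismatch: %r" % acs)
    # With the POST binding, an enveloped signature is a direct child of the request.
    sig = root.find("ds:Signature", NS)
    if sig is None:
        return findings + ["request is unsigned"]
    method = sig.find("ds:SignedInfo/ds:SignatureMethod", NS)
    alg = method.get("Algorithm") if method is not None else None
    if alg != expected_alg:
        findings.append("unexpected signature algorithm: %r" % alg)
    ref = sig.find("ds:SignedInfo/ds:Reference", NS)
    if ref is None or ref.get("URI") != "#" + (root.get("ID") or ""):
        findings.append("signature does not reference the request ID")
    return findings

# Constructed samples: placeholder host and organization code, no real signature values.
ACS = "https://athoc.example.test/SelfService/Account/NewSSO/1234567"

def sample(signature_xml=""):
    return ('<samlp:AuthnRequest xmlns:samlp="%s" ID="_r1" Version="2.0" '
            'AssertionConsumerServiceURL="%s">%s</samlp:AuthnRequest>'
            % (NS["samlp"], ACS, signature_xml))

def signature(alg):
    return ('<ds:Signature xmlns:ds="%s"><ds:SignedInfo><ds:SignatureMethod Algorithm="%s"/>'
            '<ds:Reference URI="#_r1"/></ds:SignedInfo></ds:Signature>' % (NS["ds"], alg))

if __name__ == "__main__":
    for label, sig in (("signed sha256", signature(RSA_SHA256)),
                       ("signed sha1", signature(RSA_SHA1)), ("unsigned", "")):
        print(label, "->", check_authn_request(sample(sig), ACS) or "OK")
```

With the Redirect binding the signature travels in the SigAlg and Signature query parameters instead of the XML, so this check would report such a request as unsigned.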