SAML Secure Transparent Sign-On
Secure Transparent Sign-On (single sign-on or SSO) is available for the Glance Client, Glance Screen Share, Glance Device Casting, and Glance Cobrowse. It is also available to sign in to Glance's Manage Your Account page.
You may configure your account (group) to use SSO. Once configured, it is available to all the users in your account.
The Glance service and website is a SAML Service Provider (also known as a Relying Party). Glance uses customer-furnished Identity Providers for secure transparent sign-on. Glance services work correctly when sign on is initiated either by the Service Provider or the Identity Provider.
Service Target URLs
When accessing Glance via SSO, you use Service Target URLs (STUs). More information about STUs is here.
SAML 2.0-compliant Identity Provider services include (among others):
- Microsoft Active Directory Federation Services (ADFS)
- Microsoft Azure AD
- One Login
- CA Single Sign-On (formerly CA SiteMinder)
Glance's SAML SSO implementation offers optional automatic provisioning (just-in-time provisioning) for new users. If you wish to use automatic provisioning, please contact Glance Customer Success.
Setting up SAML Sign-On
Configure secure transparent sign-on.
Set up single sign-on provisioning.
Which User is Authorized?
SAML assertion details.
A list of common problems when provisioning SAML.
Sample SAML Assertion Document
The key protocol element in a SAML authentication transaction is passed as an XML document containing an <Assertion> stanza.
SAML SSO for AD/FS
Follow these instructions to add a Relying Party Trust to your Active Directory Federation Services instance for Glance services.
Details about encrypted SAML transactions.
Updating your SAML public key or API key
Updating your cryptographic public key for SAML single sign-on, or your API key.
Single sign-on FAQs
Frequently asked questions and answers about SAML single sign-on