Using multiple SAML Identity Providers

Though you should usually have a single Identity Provider, Softadmin® can support any number. Enter them through the admin interface, or directly into the SoftadminApi.SamlIdentityProvider table. Your [SingleSignOnLoginProcedure (SAML)] will need to look at the Issuer in the SAML assertion to know which IdP a user belongs to.

When Sign-in is initiated from the IdP

In this case users log in by choosing the Softadmin®-system from their list of applications in the IdP's dashboard. You will need to enable the Allow unsolicited responses setting for this identity provider.

When Sign-in is initiated from the Softadmin®-system

Set SingleSignOnSamlPortalUrl to the URL of an external portal page where users are able to choose which IdP to use.

The portal page should then forward the user to the page LoginSaml.aspx. It should forward the entire query string sent to the portal page and also append the value idp={identity of the chosen id server}.

For example:

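function redirectToIdP(idp) {
    // Forward the entire query string that was sent to the portal page.
    const qs = new URLSearchParams(document.location.search);
    // set() rather than append(): any idp value already present in the incoming
    // query string is replaced, so LoginSaml.aspx receives exactly one idp parameter.
    qs.set('idp', idp);
    document.location.href = 'https://softadmin.example.com/LoginSaml.aspx?' + qs;
}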
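
A stricter variant of the portal redirect, as an added example that is not part of the Softadmin® documentation: it only accepts IdP identities from a fixed list and strips any idp parameter that arrived in the portal's own query string before adding the chosen one. The names LOGIN_URL, ALLOWED_IDPS and buildLoginSamlUrl, and the identities 'idp-staff' and 'idp-partners', are assumptions made for illustration.

```javascript
// Added example. LOGIN_URL, ALLOWED_IDPS and buildLoginSamlUrl are hypothetical
// names; they are not part of Softadmin.
const LOGIN_URL = 'https://softadmin.example.com/LoginSaml.aspx';

// Constructed sample identities. Replace them with the identities of the
// identity providers registered in your system.
const ALLOWED_IDPS = new Set(['idp-staff', 'idp-partners']);

// Builds the LoginSaml.aspx URL from the portal page's query string and the
// IdP the user picked. Kept free of DOM access so it can be unit tested.
function buildLoginSamlUrl(portalSearch, idp) {
    // Only forward identities the portal itself offers; anything else is a
    // bug in the page or a tampered request.
    if (!ALLOWED_IDPS.has(idp)) {
        throw new Error('Unknown identity provider: ' + idp);
    }

    const qs = new URLSearchParams(portalSearch);

    // Drop every idp parameter that came in with the request, whatever its
    // letter case, in case the receiving page matches names case-insensitively.
    // Keys are copied first because deleting while iterating skips entries.
    for (const key of [...qs.keys()]) {
        if (key.toLowerCase() === 'idp') {
            qs.delete(key);
        }
    }

    // Everything else in the query string is forwarded unchanged.
    qs.append('idp', idp);
    return LOGIN_URL + '?' + qs.toString();
}

// Browser entry point, called from the portal page's IdP buttons.
function redirectToIdP(idp) {
    document.location.href = buildLoginSamlUrl(document.location.search, idp);
}
```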