
Single sign-on with SAML authentication

System administrators can enable single sign-on (SSO) for the Boomi Enterprise Platform.

note

This feature is part of Advanced User Security, which is available in the Enterprise and Enterprise Plus Editions, and as an add-on to the Professional and Professional Plus Editions. Consult with your Boomi account representative to enable this functionality.

What is SSO?

If you use multiple software applications in your workflow that operate independently from one another, your system administrator can enable single sign-on. This means you will be able to log into one of the applications once and have access to all the applications your administrator authorizes.

For example, you may work on a Windows network and use the platform. To log into Windows and the platform, you would typically need to remember two different URLs, two user names, and two passwords. With single sign-on enabled, you could log into Windows and simply click a link to go directly into the platform.

For more information about single sign-on, see the SAML page on Wikipedia. The Boomi Enterprise Platform supports single sign-on with SAML authentication and federation IDs for the Integration, Boomi DataHub, and API Management applications.

What Is SAML?

Security Assertion Markup Language (SAML) is an XML-based standard that allows security domains within software applications to exchange information about users trying to log into one of the related applications and then to either allow or prevent the user from logging in. One of the applications is considered the identity provider and the other application is the service provider.

Boomi uses SAML 2.0 with federated authentication for our SSO implementation. SAML 2.0 allows service providers (such as the Boomi Enterprise Platform) to query the identity providers for authentication. The platform supports both identity provider-initiated sign in and service provider-initiated sign in.

  • The identity provider stores and serves user names and passwords for authentication. If a user clicks a link in the identity provider to a service provider's application, the identity provider securely passes the user's information to the service provider.

  • The service provider offers authentication services for access to protected resources. For example, when a user clicks a link to access the platform, the platform receives the user's information from the identity provider and determines whether the user should be allowed access to the service or application.

For more information about SAML, see the SAML page on Wikipedia.

What are federation IDs?

The Boomi Enterprise Platform's implementation of single sign-on with SAML uses a federation ID to identify the user who is requesting access to the application. In the platform, each user must have a federation ID that uniquely identifies the user within the account. When you enable single sign-on with SAML, the user's federation ID appears in Setup on the User Management tab in the Add/Maintain User Roles dialog. It also appears in the identity provider on each user's record.

note

Federation IDs are case sensitive.
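
A pre-rollout check that follows from the uniqueness and case-sensitivity rules above, added here as an example and not taken from Boomi: it compares federation IDs listed from the platform with those on identity provider user records and reports duplicates and IDs that differ only by case or surrounding whitespace. The two input lists, the function name, and the sample values are assumptions.

```python
from collections import defaultdict


def reconcile_federation_ids(platform_ids, idp_ids):
    """Compare federation IDs exactly (case sensitive) and report mismatches."""
    platform_set, idp_set = set(platform_ids), set(idp_ids)

    # A federation ID must be unique within the account.
    seen, duplicates = set(), set()
    for fid in platform_ids:
        if fid in seen:
            duplicates.add(fid)
        seen.add(fid)

    # Index platform IDs by case-folded, trimmed form to find near misses.
    folded = defaultdict(set)
    for fid in platform_set:
        folded[fid.strip().casefold()].add(fid)

    near_misses, idp_only = [], []
    for fid in sorted(idp_set - platform_set):
        candidates = sorted(folded.get(fid.strip().casefold(), ()))
        if candidates:
            # Same ID apart from case or padding: an exact comparison fails.
            near_misses.append((fid, candidates))
        else:
            idp_only.append(fid)

    idp_folded = {fid.strip().casefold() for fid in idp_set}
    platform_only = sorted(
        fid for fid in platform_set - idp_set
        if fid.strip().casefold() not in idp_folded
    )
    return {
        "duplicates": sorted(duplicates),
        "near_misses": near_misses,
        "idp_only": idp_only,
        "platform_only": platform_only,
    }


# Constructed sample data, not exported from any real system.
PLATFORM_IDS = ["jsmith@example.com", "ALee@example.com", "mgarcia@example.com",
                "mgarcia@example.com", "old.contractor@example.com"]
IDP_IDS = ["jsmith@example.com", "alee@example.com", "mgarcia@example.com",
           "new.hire@example.com"]

if __name__ == "__main__":
    for finding, values in reconcile_federation_ids(PLATFORM_IDS, IDP_IDS).items():
        print(f"{finding}: {values}")
```

Entries under `platform_only` are worth reviewing during offboarding, since they are platform users with no matching identity provider record.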

Benefits of single sign-on with SAML

Platform users benefit from using single sign-on because they:

  • Need to remember only one URL and one user name.
  • Need to remember and maintain only one password.
  • Do not need to spend time logging in and out of multiple systems.

Platform administrators benefit from using single sign-on because:

  • They can manage user access and user passwords from one application.
  • They have fewer passwords to maintain, which saves time.
  • It is easier to manage user access, especially when they need to take away a user's access to many applications. They can remove a user's access in the identity provider application, and that user's access is removed from all related service provider applications.
  • Centrally managed user access and passwords are more secure.

note

If you are using single sign-on, you need to use an API token to authenticate.
