SAML SSO

JFrog Platform Administration Documentation

Subscription Information

This feature is supported on the Cloud (SaaS) platform with an Enterprise X or Enterprise+ license, and on the Self-Hosted platform with a Pro, Pro X, Enterprise X, or Enterprise+ license.

SAML (Security Assertion Markup Language) is an XML standard that allows you to exchange user authentication information between web domains.

The JFrog Platform offers a SAML-based Single Sign-On service allowing federated JFrog partners (identity providers) full control over the authentication process.

Using SAML, the JFrog Platform acts as a service provider which receives users' authentication information from external identity providers. In this case, JFrog is no longer responsible for the authentication of the user although it still has to redirect the login request to the identity provider and verify the integrity of the identity provider’s response.

Note

From Artifactory version 7.83.1, the ability to create multiple configurations for SAML SSO providers is gradually being rolled out to Cloud only.

To view the SAML SSO providers you have configured, go to Authentication Providers | SAML SSO. The list of provider configurations defined in Artifactory is displayed in the SAML SSO list section.

You can add new SAML SSO provider configurations, or edit or delete existing ones.

Enable the SAML integration as a whole by toggling the Enable SAML SSO toggle switch.

Security Best Practice

When enabling SAML SSO, it is recommended to disable internal users.

The following table describes the settings displayed for providers:

| Item | Description |
| --- | --- |
| Enable SAML SSO | Enable the SAML integration as a whole by toggling this switch. |
| Using Encrypted Assertion | When enabled, an X.509 public certificate will be created by Artifactory. Download this certificate and upload it to your IDP and choose your own encryption algorithm. This process will let you encrypt the assertion section in your SAML response. This certificate will apply to all SAML SSO configurations. |
| Service Provider Name | The SAML service provider name. This should be a URI that is also known as the entityID, providerID, or entity identity. See the SAML v2 specification. |
| Encrypted Assertion | When set, an X.509 public certificate will be created by Artifactory. Download this certificate and upload it to your IDP and choose your own encryption algorithm. |
| Auto User Creation | When set, the system will automatically create new users for those who have logged in using SAML, and assign them to the default groups. |
| Auto Login Redirect | When checked, clicking on the login link will direct the users to the configured SAML login URL. |
| Enabled | When selected, this SAML integration is enabled and users may be authenticated via a SAML server. |
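
The Service Provider Name and Encrypted Assertion settings both show up in the response the identity provider posts back, so a captured SAMLResponse value can be checked against them when a new provider is set up. The following is an added example, not JFrog code: the function names, the sample entityID and the sample responses are constructed for illustration, and the script inspects structure only (it does not verify signatures or decrypt anything).

```python
import base64
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def inspect_saml_response(b64_response, sp_entity_id, expect_encrypted):
    """Return findings for one base64-encoded SAMLResponse form value."""
    xml_bytes = base64.b64decode(b64_response)
    # SAML messages never need a DTD; refuse it before the parser sees it.
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        return ["rejected: response carries a DTD"]
    root = ET.fromstring(xml_bytes)
    plain = root.findall("saml:Assertion", NS)
    encrypted = root.findall("saml:EncryptedAssertion", NS)
    findings = []
    if not plain and not encrypted:
        findings.append("response contains no assertion")
    if expect_encrypted and plain:
        findings.append("assertion sent in clear although encryption is enabled")
    # The audience is only readable when the assertion is not encrypted.
    for assertion in plain:
        path = "saml:Conditions/saml:AudienceRestriction/saml:Audience"
        audiences = [a.text.strip() for a in assertion.findall(path, NS) if a.text]
        if sp_entity_id not in audiences:
            findings.append(f"audience {audiences} does not include {sp_entity_id}")
    return findings

def build_sample_response(audience=None, encrypted=False):
    """Constructed, unsigned sample response (not captured from a real IdP)."""
    if encrypted:
        inner = "<saml:EncryptedAssertion/>"
    else:
        inner = ("<saml:Assertion><saml:Conditions><saml:AudienceRestriction>"
                 f"<saml:Audience>{audience}</saml:Audience>"
                 "</saml:AudienceRestriction></saml:Conditions></saml:Assertion>")
    xml = (f'<samlp:Response xmlns:samlp="{NS["samlp"]}" '
           f'xmlns:saml="{NS["saml"]}">{inner}</samlp:Response>')
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    sp = "https://artifactory.example.test/sp"  # assumed Service Provider Name
    for label, resp, enc in [
        ("matching audience", build_sample_response(sp), False),
        ("wrong audience", build_sample_response("https://other.example.test"), False),
        ("clear assertion, encryption on", build_sample_response(sp), True),
        ("encrypted assertion", build_sample_response(encrypted=True), True),
    ]:
        print(label, "->", inspect_saml_response(resp, sp, enc) or "ok")
```

An audience mismatch usually means the entityID registered at the identity provider differs from the Service Provider Name entered here.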