SAML Federation is an enterprise feature; you need an enterprise license to use it.
This feature lets you federate multiple Identity Providers (IdPs) without any additional plugins or code changes. It is extremely useful when your SAML support is restricted to a single provider but you need to support multiple IdPs. Contact us to find out more.
SAML Federation Flow
Here is how the SAML Federation flow works when you use Jackson as a SAML IdP and federate with another identity provider (e.g. Okta):
- The user accesses the Service Provider's (SP) login page
- The user clicks on the "Login with SAML" button
- The SP sends a SAML Request to Jackson's SSO endpoint
- Jackson displays the list of IdPs available for the user to choose from (if there is more than one IdP), based on the requested tenant and product combination
- Jackson redirects the user to the chosen IdP for authentication
- After successful authentication, the IdP sends (POST) a SAML Response to Jackson's ACS endpoint
- Jackson processes the SAML Response from the IdP and creates a new SAML Response, which it sends (POST) to the SP's ACS endpoint
- The SP processes the SAML Response from Jackson and creates a new session for the user (depending on the SP's implementation)
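The flow above, modelled end to end as an added example (this is illustrative code, not Jackson's implementation): an SP issues a request, a federation proxy in the role Jackson plays selects the upstream IdP from the tenant/product connections, relays the login, validates the upstream response, and mints a fresh response for the SP. Messages are plain dicts and an HMAC stands in for XML signatures so that it runs offline; all entity IDs, URLs and the `acme`/`crm` tenant and product are constructed. The security-relevant part is what the proxy checks before re-issuing an assertion: the response must answer an outstanding request (one-time use, which also blocks replay), carry a valid signature from the chosen IdP, be addressed to the proxy's own entity ID and ACS URL, and still be within its validity window.

```python
import hashlib
import hmac
import secrets

# Signing stand-in: an HMAC over a canonical field list replaces XML-DSig so the
# example runs offline. Real deployments verify X.509-signed XML assertions.
SIGNED_FIELDS = ("id", "issuer", "in_response_to", "audience", "recipient",
                 "not_on_or_after", "subject")


def sign(key, msg):
    canonical = "|".join(str(msg[f]) for f in SIGNED_FIELDS)
    return hmac.new(key, canonical.encode(), hashlib.sha256).hexdigest()


def verify(key, msg):
    return hmac.compare_digest(sign(key, msg), msg.get("sig", ""))


def new_id():
    return "_" + secrets.token_hex(8)


class UpstreamIdP:
    """Stand-in for a federated IdP such as Okta (hypothetical entity IDs)."""
    def __init__(self, entity_id):
        self.entity_id, self.key = entity_id, secrets.token_bytes(32)

    def authenticate(self, authn_request, subject, now):
        # A response bound to the request it answers and to the requester.
        resp = {"id": new_id(), "issuer": self.entity_id,
                "in_response_to": authn_request["id"],
                "audience": authn_request["issuer"],
                "recipient": authn_request["acs_url"],
                "not_on_or_after": now + 300, "subject": subject}
        resp["sig"] = sign(self.key, resp)
        return resp


class FederationProxy:
    """Plays Jackson's role: IdP towards the SP, SP towards the upstream IdPs."""
    def __init__(self, entity_id, acs_url):
        self.entity_id, self.acs_url = entity_id, acs_url
        self.key = secrets.token_bytes(32)
        self.connections = {}  # (tenant, product) -> [UpstreamIdP]
        self.pending = {}      # upstream request id -> (sp request, chosen IdP)

    def add_connection(self, tenant, product, idp):
        self.connections.setdefault((tenant, product), []).append(idp)

    def available_idps(self, tenant, product):
        return [i.entity_id for i in self.connections.get((tenant, product), [])]

    def handle_sp_request(self, sp_request, tenant, product, chosen=None):
        idps = self.connections.get((tenant, product), [])
        if not idps:
            raise ValueError("no IdP connection for this tenant/product")
        idp = idps[0] if len(idps) == 1 else next(
            (i for i in idps if i.entity_id == chosen), None)
        if idp is None:
            raise ValueError("user must choose one of the listed IdPs")
        upstream_req = {"id": new_id(), "issuer": self.entity_id, "acs_url": self.acs_url}
        self.pending[upstream_req["id"]] = (sp_request, idp)  # outstanding request
        return idp, upstream_req

    def handle_idp_response(self, resp, now):
        entry = self.pending.pop(resp.get("in_response_to"), None)  # one-time use
        if entry is None:
            raise ValueError("unsolicited or replayed response")
        sp_request, idp = entry
        if resp["issuer"] != idp.entity_id or not verify(idp.key, resp):
            raise ValueError("issuer mismatch or bad signature")
        if resp["audience"] != self.entity_id or resp["recipient"] != self.acs_url:
            raise ValueError("assertion not addressed to this proxy")
        if now >= resp["not_on_or_after"]:
            raise ValueError("assertion expired")
        # Mint a new response for the SP; the upstream assertion is never forwarded as-is.
        out = {"id": new_id(), "issuer": self.entity_id,
               "in_response_to": sp_request["id"], "audience": sp_request["issuer"],
               "recipient": sp_request["acs_url"], "not_on_or_after": now + 300,
               "subject": resp["subject"]}
        out["sig"] = sign(self.key, out)
        return out


class ServiceProvider:
    def __init__(self, entity_id, acs_url, proxy):
        self.entity_id, self.acs_url, self.proxy = entity_id, acs_url, proxy
        self.outstanding = set()

    def start_login(self):
        req = {"id": new_id(), "issuer": self.entity_id, "acs_url": self.acs_url}
        self.outstanding.add(req["id"])
        return req

    def consume(self, resp, now):
        if resp.get("in_response_to") not in self.outstanding:
            raise ValueError("unsolicited or replayed response")
        self.outstanding.discard(resp["in_response_to"])
        p = self.proxy
        if (resp["issuer"] != p.entity_id or not verify(p.key, resp)
                or resp["audience"] != self.entity_id or resp["recipient"] != self.acs_url
                or now >= resp["not_on_or_after"]):
            raise ValueError("response failed validation")
        return {"user": resp["subject"]}


def run_flow(now=1_700_000_000.0):
    """Walks the whole flow with two constructed IdPs for tenant 'acme', product 'crm'."""
    okta = UpstreamIdP("https://idp-a.example.test")
    entra = UpstreamIdP("https://idp-b.example.test")
    proxy = FederationProxy("https://jackson.example.test", "https://jackson.example.test/acs")
    proxy.add_connection("acme", "crm", okta)
    proxy.add_connection("acme", "crm", entra)
    sp = ServiceProvider("https://app.example.test", "https://app.example.test/acs", proxy)
    sp_req = sp.start_login()                                 # SP -> Jackson SSO endpoint
    choice = proxy.available_idps("acme", "crm")[0]           # user picks from the list
    idp, up_req = proxy.handle_sp_request(sp_req, "acme", "crm", chosen=choice)
    idp_resp = idp.authenticate(up_req, "alice@acme.example", now)  # IdP -> Jackson ACS
    sp_resp = proxy.handle_idp_response(idp_resp, now)        # Jackson -> SP ACS
    session = sp.consume(sp_resp, now)
    return {"session": session, "proxy": proxy, "sp": sp, "idp": idp,
            "idp_resp": idp_resp, "now": now}
```

Run `run_flow()` to see a successful login return `{'user': 'alice@acme.example'}`; feeding the same upstream response to `handle_idp_response` a second time, or altering its subject after signing, is rejected. Passing a fixed `now` keeps the validity-window checks deterministic.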
Visit Create SAML Federation App to learn how to create and configure a SAML Federation App.