SAML SSO Configuration

Overview

This document describes the steps required to configure Security Assertion Markup Language (SAML) Single Sign-On (SSO) for eCase. The SAML SSO configuration enables organizations to authenticate users through an external Identity Provider (IdP), allowing centralized authentication management and enhanced security.

Prerequisites

  1. The configuration must be performed by a user with administrative privileges.

  2. The organization must have an active SAML-compliant Identity Provider.

  3. SAML metadata values (such as Partner Service URL, Identity Provider details, and certificates) must be available prior to configuration.

Accessing SAML SSO Configuration

The SAML SSO Configuration page is available in the Admin Web Application.

To access the configuration page, log in to the eCase Admin application and navigate to System Configuration. Select SAML SSO Configuration to manage the SAML SSO Settings. Only users with appropriate administrative permissions can access and manage this page.

Enabling SAML SSO

At the top of the SAML SSO Configuration page, an Enable SAML SSO toggle is available. By default, the toggle is disabled and field validation is not enforced.

When the toggle is ON, SAML SSO is enabled, and all the configuration fields become mandatory.

Proceed with filling out the details in the User Application and Admin Application sections.

The Admin Application section allows separate SAML configuration for administrative access.

The following fields are required when SAML SSO is enabled:

Field | Description
Service Provider | Displays the Service Provider identifier used by eCase for SAML authentication.
Partner Identity Provider | Specifies the Identity Provider entity ID provided by your organization.
Partner Service URL | The endpoint where the Identity Provider sends SAML authentication responses.
Partner Certificate File | Upload the public certificate provided by the Identity Provider to validate SAML assertions.
Signature Certificate | Upload the certificate to sign outgoing SAML requests.
Signature Certificate Password | Enter the password associated with the signature certificate, if applicable.
Name ID Format | Specifies the format used to uniquely identify authenticated users.
Logout URL | Defines the URL users are redirected to after logging out.

Certificate Management

SAML certificates are self-managed through the Administrator interface. Administrators can upload or replace certificate files directly from the configuration page. Backend updates are no longer required to manage SAML certificates.

Validating the Configuration

A Test button is available to validate the SAML configuration. If the validation is successful, a confirmation message is displayed on the screen.

To save the SAML SSO configuration, ensure that the Enable SAML SSO toggle is ON. Once you fill out all the mandatory fields in both the User Application and Admin Application sections and upload the required certificate files, click Save.

If validation is successful, the configuration is saved.

No‑PIV Configuration

No‑PIV Configuration allows administrators to define authentication behavior for users when PIV (Personal Identity Verification) is not configured while the application is integrated with SAML Single Sign‑On (SSO).

When the Enable Two‑Factor Authentication checkbox is selected, you must complete an additional verification step beyond username and password. Administrators can configure the verification method and define the number of allowed verification failures before access is restricted, ensuring enhanced security for non‑PIV SAML authentication scenarios.

NOTE: Double‑check all configuration values before saving to avoid being locked out of the platform. If login issues occur after enabling SAML SSO, contact your system administrator or customer support immediately.