There are two parts to a SAML interaction
- on one side it's the Identity Provider (IDp) — examples are Okta.com and OneLogin.com
- on the other side it's the Service Provider (SP) — Assembla in this case.
1. Identity Provider (IDp) configuration
The only piece of information that an IDp usually needs from the SP is the "SAML Consumer URL" or "SAML Assertion Consumer Service URL" and for an Assembla portfolio it is https://YOUR_PORTFOLIO_SUBDOMAIN_NAME.assembla.com/p/saml/consume.
2. Service Provider (SP) configuration
There are two pieces of information that Assembla needs to be able to interact with an IDp:
- IDp Single Sign-On URL, also known as "SAML Endpoint URL"
- the IDp X.509 certificate *or* just certificate's fingerprint
A portfolio owner can configure it to authenticate team members using company's SAML server. To enable SAML authentication go to portfolio's Admin tab and check "Enable" under "SAML authentication" section at the bottom.
Once that's checked, you need to enter the two pieces of information about your IDp:
- the SAML authentication endpoint
- the X.509 certificate *or* its fingerprint
Click "Update SAML settings" button and you're all set: the team members will only be able to authenticate using the specified SAML server.
3. Authentication workflow changes
When SAML authentication is enabled, the Assembla.com authentication workflow change in a way that both, existing and invited users, will see a greeting message that will invite them to authenticate with the designated SAML server. There are 2 different paths to authenticate:
1. from www.assembla.com/login page, you will still see the normal login page where you enter your assembla credentials. Once you login, you will see this page:
2. from portfolio.assembla.com page, you won't be asked to login with your assembla credentials. You will see this page:
To access the repositories in Assembla spaces, team members will have to set their Assembla password in the "Login & Password Settings" section of their profile:
If you have any questions or need assistance. Please always feel free to email us at firstname.lastname@example.org. We will be happy to assist.