
SAML with Generic IdP

This guide covers configuring SAML 2.0 SSO with any SAML-compliant identity provider. Use this guide if your IdP is not Okta or Google Workspace, or if you prefer to configure SAML manually.

Prerequisites

  • Admin access to your identity provider
  • Admin access to the NetActuate portal
  • A verified domain in your NetActuate account

NetActuate Service Provider Details

Configure your IdP with the following Service Provider (SP) details:

| Field | Value |
| --- | --- |
| ACS URL (Assertion Consumer Service) | https://portal.netactuate.com/saml/acs |
| SP Entity ID / Audience URI | https://portal.netactuate.com/saml/metadata |
| Name ID Format | urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress |
| Binding | HTTP-POST |
| SP Metadata URL | https://portal.netactuate.com/saml/metadata |

Step 1: Create an Application in Your IdP

Create a new SAML 2.0 application in your identity provider's admin console. Enter the Service Provider details from the table above.

Step 2: Configure Attribute Mapping

Map the following user attributes from your IdP to the NetActuate attribute names:

| IdP User Attribute | NetActuate Attribute Name | Required |
| --- | --- | --- |
| User email address | email | Yes |
| First name | firstName | Yes |
| Last name | lastName | Yes |

Note: Attribute names are case-sensitive. Ensure they match exactly as shown.

Step 3: Export IdP Metadata

Export your IdP's SAML metadata. This is typically available as:

  • A metadata XML file download
  • A metadata URL endpoint

You will need either the file or the URL to configure NetActuate.

Step 4: Configure NetActuate

  1. Log in to the NetActuate portal.
  2. Navigate to Account → Settings → SAML.
  3. Provide your IdP metadata by either:
    • Entering the IdP metadata URL, or
    • Uploading the IdP metadata XML file
  4. Click Save.

Step 5: Assign Users

In your identity provider, assign the application to the users or groups that need access to the NetActuate portal.

Step 6: Test the Integration

  1. Open a new incognito/private browser window.
  2. Navigate to the NetActuate portal login page.
  3. Select SSO Login and enter your corporate email address.
  4. Verify that you are redirected to your IdP and can authenticate successfully.

SAML Response Requirements

NetActuate expects the following in the SAML response:

  • The response must be signed (either the assertion or the full response)
  • The NameID must contain the user's email address
  • The required attributes (email, firstName, lastName) must be present
  • The Destination must match the ACS URL
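
A structural pre-check for the four requirements above, as an added example that is not NetActuate's code: it takes the base64-decoded SAML response XML captured from your own test login and lists what is missing. It only locates a ds:Signature element and does not verify it; the function name and the sample XML are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Values taken from the Service Provider details and attribute table on this page.
ACS_URL = "https://portal.netactuate.com/saml/acs"
REQUIRED_ATTRS = ("email", "firstName", "lastName")
NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def check_saml_response(xml_text):
    """Return a list of problems in a decoded SAML response (empty list = none found)."""
    problems = []
    root = ET.fromstring(xml_text)
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return ["no unencrypted saml:Assertion found in the response"]
    # A signature on either the Response or the Assertion satisfies the requirement.
    if root.find("ds:Signature", NS) is None and assertion.find("ds:Signature", NS) is None:
        problems.append("neither the response nor the assertion carries a ds:Signature")
    if root.get("Destination") != ACS_URL:
        problems.append(f"Destination is {root.get('Destination')!r}, expected {ACS_URL!r}")
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    value = (name_id.text or "").strip() if name_id is not None else ""
    if "@" not in value:  # rough shape check only (assumption of this example)
        problems.append(f"NameID {value!r} does not look like an email address")
    sent = [a.get("Name") for a in assertion.iterfind("saml:AttributeStatement/saml:Attribute", NS)]
    for want in REQUIRED_ATTRS:
        if want in sent:
            continue
        # Attribute names are case-sensitive: point out a near miss such as "firstname".
        near = [s for s in sent if s and s.lower() == want.lower()]
        hint = f" (IdP sent {near[0]!r}; names are case-sensitive)" if near else ""
        problems.append(f"missing attribute {want!r}{hint}")
    return problems

# Constructed, simplified sample response; {dest} and {first} are filled in per test case.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
 xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Destination="{dest}">
 <saml:Assertion><ds:Signature/>
  <saml:Subject><saml:NameID>alice@example.com</saml:NameID></saml:Subject>
  <saml:AttributeStatement><saml:Attribute Name="email"/>
   <saml:Attribute Name="{first}"/><saml:Attribute Name="lastName"/>
  </saml:AttributeStatement></saml:Assertion></samlp:Response>"""

if __name__ == "__main__":
    bad = SAMPLE.format(dest="https://portal.netactuate.com/saml/metadata", first="firstname")
    print("\n".join(check_saml_response(bad)) or "no problems found")
```
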

Troubleshooting

  • Signature validation failed: Ensure your IdP's signing certificate matches what was provided in the metadata.
  • Missing attributes: Verify your attribute mapping includes all required attributes with the correct names.
  • Time sync issues: SAML assertions include timestamps. Ensure your IdP server's clock is synchronized (NTP).

Need Help?

If you run into issues, contact NetActuate Support.