Enabling single sign-on using SAML

For customers using SAML single sign-on, SAP Signavio user accounts were until now created automatically whenever a user could log in to the identity provider. We added the option to configure account creation in the authentication setup, and automatic creation is now disabled by default.

You can enable single sign-on (SSO) using the Security Assertion Markup Language (SAML) for your on-premises installation. Read more in the SAP Signavio Process Manager User Guide. The user guide article also explains which steps to take on the side of your service provider (SP), SAP Signavio Process Manager.

To sign the authentication request to the identity provider (IdP), a certificate is required. You must create this certificate using a PKCS12 keystore. In addition, you must add the following parameters to the server configuration file configuration.xml:

<certificates>
        <signavioCaCertSHA2Path>path to the SAP Signavio keystore, for example '/signavio/certstore/public/ca_2048bit_sha256.p12'</signavioCaCertSHA2Path>
        <signavioCaCertSHA2Alias>alias for the certificate, for example 'saml'</signavioCaCertSHA2Alias>
        <signavioCaCertSHA2Password>password for accessing the keystore</signavioCaCertSHA2Password>
        <isValidationOnlyCertSHA2>false</isValidationOnlyCertSHA2>
</certificates>
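
One way to create the keystore that the configuration above points to, shown as an added example that is not taken from the SAP Signavio documentation. The resulting file path, the alias and the password are the values for signavioCaCertSHA2Path, signavioCaCertSHA2Alias and signavioCaCertSHA2Password. Assumptions: OpenSSL is installed, your IdP accepts a self-signed certificate, and the subject name, validity period and function names are constructed for illustration.

```shell
# make_saml_keystore <keystore.p12> <alias>
# Creates an RSA 2048-bit key with a SHA-256 self-signed certificate and
# bundles both into a PKCS12 keystore. The keystore password is read from
# the KS_PASS environment variable so it never shows up in the process list.
make_saml_keystore() {
    ks_path=$1
    ks_alias=$2
    [ -n "${KS_PASS:-}" ] || { echo "KS_PASS is not set" >&2; return 1; }
    export KS_PASS

    work=$(mktemp -d) || return 1
    old_umask=$(umask)
    umask 077                      # key material readable by the owner only

    # Subject and validity are constructed sample values (assumption).
    openssl req -x509 -newkey rsa:2048 -sha256 -nodes -days 730 \
        -subj "/CN=signavio-sp.example.com" \
        -keyout "$work/key.pem" -out "$work/cert.pem" 2>/dev/null &&
    # -name sets the PKCS12 friendlyName, which is the keystore alias.
    openssl pkcs12 -export -name "$ks_alias" \
        -inkey "$work/key.pem" -in "$work/cert.pem" \
        -passout env:KS_PASS -out "$ks_path"
    rc=$?

    rm -rf "$work"                 # remove the unencrypted private key
    umask "$old_umask"
    return $rc
}

# keystore_alias <keystore.p12>
# Prints the alias stored in the keystore, to confirm it matches the value
# configured in signavioCaCertSHA2Alias. Requires KS_PASS to be exported.
keystore_alias() {
    openssl pkcs12 -in "$1" -passin env:KS_PASS -nokeys 2>/dev/null |
        sed -n 's/^ *friendlyName: //p' | head -n 1
}
```

Because configuration.xml stores the keystore password in clear text, restrict read access to that file and to the keystore to the account that runs the server.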

Read more on server configuration in section Configuring SAP Signavio Process Manager.