Symptom
We always use the SAML login-page on our side, but now we want to send direct links to specific diagrams to our colleagues or spread the link on our intranet. Which link-structure do we have to use?
Resolution
You have to activate the checkbox for the service provider initiated authentication in the beginning (Explorer - Setup - Manage Collaboration Hub authentication).
The next steps depend on your SAML-server:
ADFS
-
Please execute following PowerShell command (as an administrator) on your ADFS:
Get
-AdfsRelyingPartyTrust
-Identifier
"editor.signavio.com"
- Search for the line "SignedSamlRequestsRequired" and check the value
- If the value is "False", continue with the steps for the other system (see below)
- If the value is "True", you have two options
- Option 1:
-
You can change the value to "False" with following command:
Set
-AdfsRelyingPartyTrust
-TargetIdentifier
"editor.signavio.com"
-SignedSamlRequestsRequired
$false
- Continue with the steps for the other system (see below)
-
- Option 2:
- Get in contact with the Signavio Support (They will send you a new certificate, which has to be changed in the RelyingTrustParty and they will change something in the background of your workspace).
- Option 1:
other system (e.g. Okta, Google, SAP)
- You can use two links for the SPI-Login:
https://editor.signavio.com/intralink/portal?t=<WorkspaceID>
You can find your Workspace ID under the "Workspace information" in the Help-menu.
https://editor.signavio.com/intralink/portal#/model/<ModelID>
→ Suggestion: replace the ModelID-parameter with the ID of your entry Point
Please note that customer of who are using the US or Australian infrastructure have to use app-us.signavio.com or app-au.signavio.com.
Keywords
KBA , BPI-SIG-CA-SEC-SAM , SAML 2.0 for SAP Signavio , How To