Skip to main content

How to configure SAML Logout

SAML Logout provides seamless termination of user sessions in the SecureAuth® Identity Platform (IdP) when they log out of a service provider (SP).

For example, in a corporate setting, when an employee finishes work and logs out of a work application, SAML Logout ensures they are securely logged out of their corporate IdP. This enhances security and simplifies user session management.

Read on to learn how to enable SAML Logout for an Identity Platform application.

If you'd like to learn more about Single Logout (SLO), see How to configure Single Logout (SLO).

Applies to

SecureAuth Identity Platform release 24.04 or later.

Configuration steps

This assumes that you have a SAML application configured in the Identity Platform.

  1. In the left navigation of the Identity Platform, click Application Manager.

  2. Click the pencil icon for the application you want to enable SAML Logout.

    The Application Settings page appears.

  3. In the Connection Settings section, click the pencil icon.

  4. In the SAML Logout section, set the following configurations.

    SAML Logout URL

    Enter the logout URL for the Service Provider (SP).

    SAML Request Certificate

    Provide the sign certificate from the Service Provider (SP).

    SAML Logout Binding

    Select a protocol for the logout process.

    Selection options are:

    • HTTP POST – When a user logs out from the application, the SP uses an HTTP POST request to send a logout request message to the IdP.

    • HTTP Redirect – When a user logs out from the application, the IdP uses an HTTP redirect to send a logout request to the SP.

    Single Logout

    Optional. After completing all the SAML Logout fields, this setting appears.

    To learn more about Single Logout (SLO), see How to configure Single Logout (SLO)

    saml_single_logout_enabled.png
  5. Click Update Settings.

    After it saves the application, the Information for Service Providers page appears. You will need this information to complete the configurations on the service provider side.

    samllogoutspinfo.png