Use this guide to enable a SecureAuth IdP realm to utilize a SAML ACS begin site.

At this begin site, SecureAuth IdP can consume a SAML assertion (acting as the Service Provider) from an Identity Provider (IdP). From there, the end-user follows the SecureAuth IdP workflow configured in the realm (e.g. 2-Factor Authentication) and is asserted to the Post Authentication target.

For SecureAuth IdP 8.1 appliances, this Begin Site configuration is no longer necessary and is replaced by the SAML Multi-tenant Consumer.


1. Configure an SP to deliver a SAML assertion to SecureAuth IdP

2. Create a New Realm or edit an existing realm to which SAML ACS will be applied in the SecureAuth IdP Web Admin

3. Configure the following tabs in the Web Admin before configuring for SAML ACS:

  • Overview – the description of the realm and SMTP connections must be defined
  • Data – an enterprise directory must be integrated with SecureAuth IdP
  • Workflow – the way in which users will access the target must be defined
  • Registration Methods – the 2-Factor Authentication methods that will be used to access the target (if any) must be defined
  • Post Authentication – the target resource or post authentication action must be defined
  • Logs – the logs that will be enabled or disabled for this realm must be defined

SecureAuth IdP Configuration Steps


1. In the Custom Front End section, select Token from the Receive Token dropdown

2. Select True from the Require Begin Site dropdown

3. Select Custom from the Begin Site dropdown

4. Set the Begin Site URL to SAML20IdPInitACS.aspx

SAML 2.0 Service Provider


5. Copy the contents of the SAML Signing Certificate used in the application configuration, and paste it into the ACS / SAML Request Certificate field

Click Save once the configurations have been completed and before leaving the Workflow page to avoid losing changes.
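A pre-paste check for the certificate in step 5, as an added example that is not SecureAuth code: it confirms the text holds exactly one certificate and no private key, that the certificate is not truncated, and that its SHA-256 fingerprint matches the expected value. It assumes the certificate is PEM text and that the IdP operator has supplied the fingerprint separately. The function names are hypothetical, and only the outer DER framing is checked, not the full X.509 structure.

```python
import base64
import hashlib
import re

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def check_der_length(der):
    """Reject bytes that are not one complete DER SEQUENCE (catches a truncated paste)."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE, so not an X.509 certificate")
    if der[1] < 0x80:                      # short form: length in one byte
        header, length = 2, der[1]
    else:                                  # long form: next n bytes hold the length
        n = der[1] & 0x7F
        if n == 0 or len(der) < 2 + n:
            raise ValueError("malformed DER length")
        header, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    if header + length != len(der):
        raise ValueError("certificate is truncated or has trailing bytes")

def der_from_paste(text):
    """Return the DER bytes of the single certificate in the text, or raise ValueError."""
    blocks = PEM_BLOCK.findall(text)
    if any("PRIVATE KEY" in label for label, _ in blocks):
        raise ValueError("text contains a private key; paste only the certificate")
    certs = [body for label, body in blocks if label == "CERTIFICATE"]
    if len(certs) != 1:
        raise ValueError(f"expected one CERTIFICATE block, found {len(certs)}")
    der = base64.b64decode("".join(certs[0].split()), validate=True)
    check_der_length(der)
    return der

def sha256_fingerprint(der):
    """Colon-separated upper-case SHA-256 fingerprint of the DER bytes."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def matches_expected(text, expected_fingerprint):
    """Compare the pasted certificate with a fingerprint obtained from the IdP operator."""
    want = expected_fingerprint.replace(":", "").replace(" ", "").upper()
    return sha256_fingerprint(der_from_paste(text)).replace(":", "") == want

# Constructed sample: placeholder bytes framed as a DER SEQUENCE, not a real certificate.
SAMPLE_DER = b"\x30\x81\xc8" + bytes(range(200))
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER).decode()
              + "-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    print(sha256_fingerprint(der_from_paste(SAMPLE_PEM)))
```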