Use this guide to enable Service Provider (SP)-initiated Multi-Factor Authentication and Single Sign-on (SSO) access via SAML to Accellion kiteworks.
Prerequisites
- Accellion kiteworks account.
- SecureAuth IdP version 9.x realm configured and ready for the Accellion kiteworks integration.
Accellion kiteworks configuration steps
1. Go to the kiteworks website and sign in as Admin.
2. Select Settings on the ribbon menu.
3. Go to Application > Authentication and Authorization > SSO Setup.
4. Select Setup SSO with SAML 2.0.
5. Check Initiate AuthnRequest and fill in all required SAML Settings:
a. IDP Entity ID
b. Service Provider Entity ID
c. Single Sign-On Service URL
d. Single Logout Service URL
6. Check Sign AuthNRequest.
7. Copy the Assertion Consumer URL.
SecureAuth IdP configuration steps
Post Authentication tab
1. In the Post Authentication section:
a. Select SAML 2.0 (SP Initiated) Assertion from the Authenticated User Redirect dropdown.
b. In the User ID Mapping section, select Email 1 from the User ID Mapping dropdown.
c. Select urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified from the Name ID Format dropdown.
d. Set Encode to Base64 to False.
e. In the SAML Assertion / WS Federation section, set WSFed Reply To / SAML Target URL to the Service Provider Entity ID, for example https://secureauth.kiteworks.com
f. In SAML Consumer URL, paste the Assertion Consumer URL you copied from kiteworks, for example https://secureauth.kiteworks.com/sp/module.php/saml/sp/saml2-acs.php/sp-sso
g. In WSFed / SAML Issuer, enter the Single Sign-On Service URL that you entered in the kiteworks configuration steps.
h. For SAML Recipient and SAML Audience, enter the same URL used in step "e" above, for example https://secureauth.kiteworks.com
2. After configuring any other necessary settings, save the configuration.
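To confirm that the realm issues what was configured above, you can compare a decoded assertion from a test login against the expected Audience, Recipient and Name ID Format. The following Python sketch is an added example, not part of SecureAuth or kiteworks; the sample assertion is constructed, the function and variable names are hypothetical, and the expected values are the guide's example URLs. It checks field values only and does not validate the assertion signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Example values from the guide; substitute your own tenant's settings.
EXPECTED = {
    "audience": "https://secureauth.kiteworks.com",
    "recipient": "https://secureauth.kiteworks.com",
    "name_id_format": "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified",
}
# Constructed sample assertion, not captured from a real system.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">user@example.com</saml:NameID>
    <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml:SubjectConfirmationData Recipient="https://secureauth.kiteworks.com"/>
    </saml:SubjectConfirmation>
  </saml:Subject>
  <saml:Conditions>
    <saml:AudienceRestriction>
      <saml:Audience>https://secureauth.kiteworks.com</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>"""

def check_assertion(xml_text, expected=EXPECTED):
    """Return a list of mismatches between an assertion and the configured values."""
    root = ET.fromstring(xml_text)
    name_id = root.find(".//saml:NameID", NS)
    conf = root.find(".//saml:SubjectConfirmationData", NS)
    found = {
        "audience": [a.text.strip() for a in root.findall(".//saml:Audience", NS) if a.text],
        "recipient": [conf.get("Recipient")] if conf is not None else [],
        "name_id_format": [name_id.get("Format")] if name_id is not None else [],
    }
    # Exact string comparison: a trailing slash or http/https difference is a mismatch.
    problems = [f"{key}: expected {want!r}, found {found[key]}"
                for key, want in expected.items() if want not in found[key]]
    # User ID Mapping is Email 1, so the NameID value should be an email address.
    if name_id is None or "@" not in (name_id.text or ""):
        problems.append("name_id: value is missing or not an email address")
    return problems

if __name__ == "__main__":
    for line in check_assertion(SAMPLE) or ["assertion matches the configured values"]:
        print(line)
```

An empty result means the assertion carries the values entered in steps "c", "e" and "h"; each returned string names the field that differs and what was found instead.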