SAML allows you to authenticate portal members using services such as Microsoft Active Directory Federation Services or other third-party providers such as Okta or OneLogin.
SAML/SSO is available as a licensed feature. For assistance enabling the feature on your account, contact Signiant Customer Care.
With a SAML license, Media Shuttle can allow user authentication using two methods:
Either or both of these options can be configured for any portal.
The main benefits of using SAML are:
A trust relationship is established between Media Shuttle and the SAML authentication service. In this trust relationship, Media Shuttle is known as the Service Provider (SP) or Relying Party, and the SAML authentication service is known as the Identity Provider (IdP) or Claims Provider.
Identity providers in use with Media Shuttle include:
Administrators can set whether to connect a SAML service provider using the SHA-1 or SHA-256 hash algorithm when checking authorization credentials. The Service Provider must be configured to use the same algorithm to authorize users.
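One way to check which algorithm a SAML message declares, so that both sides can be set to match. This is an added example, not Signiant code: it assumes the SHA-1/SHA-256 setting refers to the XML signature on the SAML message, and the function names and sample message are constructed for illustration. It reads the declared algorithms only and does not validate the signature.

```python
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"  # XML Signature namespace

# Standard XML Signature algorithm URIs, mapped to the hash family they use.
ALGORITHMS = {
    "http://www.w3.org/2000/09/xmldsig#rsa-sha1": "SHA-1",
    "http://www.w3.org/2000/09/xmldsig#sha1": "SHA-1",
    "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256": "SHA-256",
    "http://www.w3.org/2001/04/xmlenc#sha256": "SHA-256",
}

def signature_hashes(saml_xml):
    """Return the hash families named by every SignatureMethod and DigestMethod."""
    # For messages from untrusted sources, use a hardened parser such as defusedxml.
    root = ET.fromstring(saml_xml)
    found = set()
    for tag in ("SignatureMethod", "DigestMethod"):
        for el in root.iter(DS + tag):
            uri = el.get("Algorithm", "")
            found.add(ALGORITHMS.get(uri, "unknown:" + uri))
    return found

def check_against_setting(saml_xml, configured):
    """Compare a message's algorithms with the configured setting ("SHA-1" or "SHA-256")."""
    found = signature_hashes(saml_xml)
    if not found:
        return "unsigned: no ds:Signature found"
    if found == {configured}:
        return "ok: " + configured
    return "mismatch: message uses %s, setting is %s" % (", ".join(sorted(found)), configured)

# Constructed sample: a trimmed SAML Response; digest and signature values are placeholders.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <ds:Signature><ds:SignedInfo>
    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
    <ds:Reference URI="#_constructed">
      <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
      <ds:DigestValue>PLACEHOLDER</ds:DigestValue>
    </ds:Reference>
  </ds:SignedInfo><ds:SignatureValue>PLACEHOLDER</ds:SignatureValue></ds:Signature>
</samlp:Response>"""

if __name__ == "__main__":
    print(check_against_setting(SAMPLE, "SHA-256"))
```

A message whose signature uses SHA-256 but whose digest uses SHA-1 is reported as a mismatch listing both, which is the case most easily missed when comparing settings by eye.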
SAML can be configured at the Account level or Portal level. At the Account level, all existing portals, as well as any new portals, are configured using the same settings. At the Portal level, individual portals can be configured differently.
Administrators can also require SAML authentication for members from specific email domains, while all other domains are authenticated through Media Shuttle or a second SAML identity provider.
For configuration instructions, see Configuring SAML for Media Shuttle.
When logging in to a Media Shuttle portal with SAML enabled, members see a prompt to enter their email address, or a link to sign in using SAML.
Note: You can customize the SAML sign-in link through your Security settings.
If the portal is configured for authentication through Media Shuttle only, the portal member is directed to enter their password.
If the portal is configured only for SAML authentication through one identity provider, the portal member is directed to that identity provider.
If the portal uses authentication through two SAML identity providers, the portal member enters their email address and is then directed to the relevant identity provider.
If the portal is configured for both Media Shuttle and SAML authentication, the portal member enters their email address. Depending on the email domain, the portal member is either directed to enter their password or directed to the identity provider.
After successful SAML authentication, the user is directed back to the Media Shuttle portal. The user is linked to Media Shuttle by the URL returned by the identity provider.
SAML 2.0 Web Browser SSO Profile
http://en.wikipedia.org/wiki/SAML_2.0#Web_Browser_SSO_Profile
SAML Standards
https://docs.oasis-open.org/security/saml/v2.0/
Active Directory Federation Services
https://docs.microsoft.com/en-us/windows-server/identity/active-directory-federation-services