Identity Provider Configuration

Adobe does not provide Identity Provider (IdP) hardware or software. However, you can obtain it from various sources, either for purchase or for free from the Web. Use the documentation included with your IdP solution to help you install and configure your IdP.

Important: Adobe strongly recommends against using this deprecated Analytics SSO integration. The product is moving toward Marketing Cloud as the sign-on gateway. Enterprise SSO with Marketing Cloud is up and running, and all future development will take place there. See Identity Management in Marketing Cloud help.

When you configure your IdP for use with single sign-on, be aware of the following requirements:

  • Configure your IdP to use SAML 2.0.
  • To ensure maximum security, secure your IdP by allowing users access to it only from within your private corporate network. This level of security limits the likelihood of identity discovery exploit vectors.
  • Your IdP configuration must have Assertion Encryption enabled. The Service Provider accepts only encrypted assertions.
  • Your IdP configuration must pass two Attribute Name values in the assertion's AttributeStatement. The two values are username and company. For more information regarding this requirement, see Assertion Code.
  • Your IdP configuration must use subject confirmation to ensure that requests come from valid users and are not falsified. You can use any method that you can set up within a browser request. Therefore, you have the choice to select a subject confirmation method that is consistent with your company‚Äôs authentication policy. Subject confirmation methods include the following:
    • Web browser cookies
    • Verifying Windows domains
    • Forcing network login
    • Filtering by MAC or IP address
Note: To ensure proper authentication, be sure the user names that are used in your back-end authentication credential system are identical to the user names that were created in the reporting and analytics platform.