The Conga Contracts SAML SSO service is based on SAML2, utilizing the HTTP Redirect binding for SP to IDP communication and the HTTP Post binding for IDP to SP communication. We require the assertions to be digitally signed in order to validate the request. This solution offers two methods for authentication.
Authentication Only

Users are created and all user information is maintained within the application; the login name for a specific user must then match the Name ID in the subject passed via the assertion.
Authentication and Authorization

If a user does not exist within the application upon the user's first access, the user will automatically be created. Group permissions are passed as attributes in the assertion and mapped to predefined roles within the Conga Contracts application to determine the user's access level.
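
The two methods differ in what the service provider trusts the assertion for. The sketch below is an added example, not Conga's code: it applies each method's decision to a constructed assertion. The attribute name `groups`, the role names, the mode strings and the deny-when-no-group-maps rule are assumptions, and signature validation is assumed to have already succeeded.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample; signature omitted. Assume the signature, audience and
# validity window were already verified by a hardened SAML library.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject><saml:NameID>jdoe@example.com</saml:NameID></saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="groups">
      <saml:AttributeValue>contracts-admins</saml:AttributeValue>
      <saml:AttributeValue>unmapped-group</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

# Hypothetical group-to-role mapping; real role names come from the application.
GROUP_TO_ROLE = {"contracts-admins": "Administrator", "contracts-readers": "Read Only"}

def parse_assertion(xml_text, group_attr="groups"):
    """Return (name_id, groups) from an already-verified assertion."""
    root = ET.fromstring(xml_text)
    name_ids = root.findall("saml:Subject/saml:NameID", NS)
    # More than one NameID is ambiguous, so reject instead of picking one.
    if len(name_ids) != 1 or not (name_ids[0].text or "").strip():
        raise ValueError("expected exactly one non-empty NameID")
    path = f"saml:AttributeStatement/saml:Attribute[@Name='{group_attr}']/saml:AttributeValue"
    groups = [v.text.strip() for v in root.findall(path, NS) if v.text]
    return name_ids[0].text.strip(), groups

def resolve_login(xml_text, existing_users, mode):
    """existing_users maps login name -> roles already held in the application."""
    name_id, groups = parse_assertion(xml_text)
    if mode == "authentication_only":
        # No provisioning: NameID must equal an existing login name exactly.
        if name_id not in existing_users:
            return {"allowed": False, "reason": "no matching login name"}
        return {"allowed": True, "user": name_id, "created": False,
                "roles": existing_users[name_id]}
    # Authentication and authorization: roles come only from mapped groups.
    roles = sorted({GROUP_TO_ROLE[g] for g in groups if g in GROUP_TO_ROLE})
    if not roles:  # assumption: no mapped group means no access
        return {"allowed": False, "reason": "no mapped group"}
    return {"allowed": True, "user": name_id, "roles": roles,
            "created": name_id not in existing_users}
```

In the second method the identity provider's group attributes decide the access level, so the group-to-role mapping is the control to review when auditing who can reach which role.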