Channeltivity's channel management software fully supports SAML 2.0 (Security Assertion Markup Language, an open standard for single sign-on) and includes many security enhancements to keep your SAML configurations secure. This article walks you through the steps to lock down your SAML connections.


SAML provides a plethora of configuration options, including various settings for encryption and for using digital signatures to verify the identities of the parties during single sign-on. With so many options, it's easy to create an insecure SAML configuration, but Channeltivity tries to enforce best practices to prevent you from making costly security mistakes.


Channeltivity can be configured both as a SAML Identity Provider (IdP) and Service Provider (SP), so we have two separate sections explaining how to update existing SAML SP and IdP configurations in Channeltivity to take full advantage of all available security enhancements.


Updating Existing Service Providers


Step 1: Navigate to the SSO Settings Area


While logged in to Channeltivity as an Administrator, go to Settings > Single Sign-On (SSO) > SAML Identity Provider.



Step 2: Choose an existing external Service Provider to update


On the SAML Identity Provider page in Channeltivity, scroll down to the Service Providers section. These are the external Service Providers, where Channeltivity is acting as the Identity Provider. Click on the name of the Service Provider to access its details and then click the Edit button.




Step 3: Update an existing external Service Provider


From the Service Provider Edit page, you'll want to make a few changes shown below. First, make sure you have a certificate uploaded: 



Then under the Identity Provider Initiated Single Sign-On section, you'll want to enable at least one of the settings highlighted below. Signing both the Response and the Response Assertion will be more secure.


Lastly, enable the setting below that's used when the Service Provider initiates the SAML Request.



Step 4: Review external Service Provider configuration


Once you've saved your changes to the SP configuration in Channeltivity, log into the SP itself and verify that the SAML settings for signing and verifying match the corresponding settings in Channeltivity.



Step 5: Test the external Service Provider


With both SP and IdP configurations updated, test the SSO process to make sure everything is working and you're good to go! If needed, the Integration Log contains all SAML SSO activity and is helpful in troubleshooting issues.





Updating Existing Identity Providers


Step 1: Navigate to the SSO Settings Area


While logged in to Channeltivity as an Administrator, go to Settings > Single Sign-On (SSO) > SAML Service Provider.



Step 2: Choose an existing external Identity Provider to update


On the SAML Service Provider page in Channeltivity, scroll down to the Identity Providers section. These are the external Identity Providers, where Channeltivity is acting as the Service Provider. Click on the name of the Identity Provider to access its details and then click the Edit button.




Step 3: Update an existing external Identity Provider


From the Identity Provider Edit page, you'll want to make a few changes shown below. First, make sure you have a certificate uploaded: 



Then under the Identity Provider Initiated Single Sign-On section, you'll want to enable at least one of the settings highlighted below. Verifying both the Response Signature and the Response Assertion Signature will be more secure.


Lastly, enable the setting below that's used when the Service Provider initiates the SAML Request.




Step 4: Review external Identity Provider configuration


Once you've saved your changes to the IdP configuration in Channeltivity, log into the IdP itself and verify that the SAML settings for signing and verifying match the corresponding settings in Channeltivity.



Step 5: Test the external Identity Provider


With both SP and IdP configurations updated, test the SSO process to make sure everything is working and you're good to go! If needed, the Integration Log contains all SAML SSO activity and is helpful in troubleshooting issues.