Step 2: Configure the Identity Provider (IDP)
Overview
Configuration for SAML must be done in two places: the identity provider (IDP) and the service provider (SP). The IDP is the software tool or service that stores users and performs authentication. The SP is the application that the user is trying to access, which is Yext in this case.
Common IDPs
The steps to configure an IDP vary based on the provider. Below are a few common IDPs that have specific guides with configuration steps:
- Okta
- ADFS
- Azure
Configure IDP
As mentioned, the steps to configure an IDP may vary drastically but here are the basic steps and common values that need to be set at the IDP:
Step 1: Find IDP configuration values in Yext’s platform
- Log in to the Yext platform.
- Navigate to the Account Settings > User Access Management > SAML Configuration page. Here you’ll find the Yext Assertion Consumer Service URL and Audience URL (SP Entity ID).
- If you cannot see the SAML Configuration page, make sure that your user has the Account Manager role assigned. See the Overview of Users, Roles, and Permissions module for more information.
- The Assertion Consumer Service URL and Audience URL (SP Entity ID) are meant to be the same value.
Step 2: Configure a SAML application within the IDP for Yext
- Log in to your IDP.
- Create a new SAML 2.0 application for Yext.
- Fill in the configuration information. See the table below for more details on common fields.
- The exact field names, and whether each field is required, vary based on the IDP.
- There may be additional fields required by the IDP.
Field | Usually Required? | Description |
---|---|---|
Assertion Consumer Service (ACS) URL | Yes | The location where the SAML assertion is sent with an HTTP POST. Use what is listed at the top of Yext’s SAML Configuration page. |
Audience URL (SP Entity ID) | Yes | The unique identifier that is the intended audience of the SAML assertion. Use what is listed at the top of Yext’s SAML Configuration page. |
Recipient URL | Yes | The location where the application may present the SAML assertion. Use the ACS URL. |
Destination URL | Yes | The location, given inside the SAML assertion, where the SAML response is intended to be sent. Use the ACS URL. |