Step 3: Configure Yext as the Service Provider

Overview

Once you have configured your IDP, you will then need to create your SAML configuration in Yext, which is the service provider in this case. This can be done manually by entering all of your SAML settings, or you can import your SAML 2.0 settings from a Metadata XML file or Metadata URL that you obtain from your IDP.

If an XML file is uploaded, our system will parse the XML file to autofill as many of the settings as possible. If a URL is provided, our system will download the configuration file at the URL, parse it, and autofill as many of the settings as possible. After the information is parsed, you can see and review the successfully parsed settings. If any settings are not detected, those will need to be filled in manually. If the provided XML file contains multiple configurations, only the first configuration will be ingested.

Set up SAML Configuration

To set up SAML Configuration:

Step 1: Navigate to Yext’s SAML Configuration page

  1. Log in to the Yext platform.
  2. Navigate to the Account Settings > User Access Management > SAML Configuration page.

Step 2: Select your Allowed Login Type

  1. Choose the SSO login flow you wish to enable. Allowing SP-initiated logins will enable Yext to redirect unauthenticated users to your IDP to be authenticated. Allowing IDP-initiated logins will enable users to navigate to Yext directly from your IDP, without first being redirected by Yext.
    • If IDP-initiated and SP-initiated is selected, both login flows will be enabled.
    • If IDP-initiated Only is selected, unauthenticated users will not be redirected to log in via the IDP; they must sign in via the IDP.
    • If SP-initiated Only is selected, unauthenticated users must first navigate to Yext and then be redirected to log in via the IDP. Logins where users navigate directly from the IDP will fail.

Step 3: Input your SAML Configuration

  1. Determine how you want to input your SAML configuration. To import your SAML Configuration, click on the Import SAML Configuration button and follow the steps below. Otherwise, enter the data manually for each field. See the table below for more details on each field in the SAML Configuration screen.
  2. After clicking Import SAML Configuration, click Select Source and select your Configuration Source. A dialog box appears.
    • Upload XML File: Select the XML file you’d like to import and click Open. After selecting the correct file, click Import. A dialog box appears.
      • Note: If the XML that was uploaded has multiple configurations, settings will be read from the first configuration.
    • Input URL: Enter the URL in the textbox and click Import.
  3. Fields that were successfully parsed from the URL or file will be filled in.
  4. Confirm that the fields contain the correct information, and manually enter any additional settings.
    • If you don’t have all the required information, you can click Save Progress. A dialog box appears. Click Save, and return once you have all the information.
  5. Once you have entered all of the required information, click Confirm to save your settings.

Populate the following fields as appropriate:

| Field | Required | Read from Metadata? | Description |
|---|---|---|---|
| Allowed Login Type | Yes | No | Select the SSO login flows you wish to enable. |
| IDP Issuer | Yes | Yes | The unique URL that identifies your identity provider in SAML assertions sent to Yext. |
| IDP Certificate | Yes | Yes | The certificate contains the public key we will use to verify that the SAML authentication requests we receive are issued by your IDP. |
| IDP SSO URL | No (Yes for SP-initiated logins) | Yes | The URL unauthenticated users will be redirected to for login. |
| SP-Initiated Request Binding | No (Yes for SP-initiated logins) | Yes | The binding that should be used for authentication requests to the IDP. |
| SSO Logout URL | No | Yes | The URL users will be directed to when they log out. |
| Signature Requirement | Yes | No | Select whether the assertion, the response, or both should be signed. |
| Assertion Encryption | No | No | Select whether the assertion should be encrypted. Selecting Yes will generate a certificate which is valid for one year. |
| Just-in-Time (JIT) Provisioning | No | No | Select whether or not you would like to enable Just in Time Provisioning. For more information, see the Just in Time Provisioning guide. |
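
Before importing, you can preview what an IDP metadata file contains for the fields marked "Read from Metadata?", and compare the certificate fingerprint with the one shown in your IDP's admin console. The script below is an added example, not Yext's parser or code; the function name, the output keys, and the sample metadata (including the placeholder certificate bytes) are constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def summarize_idp_metadata(xml_text):
    """Report the IDP settings found in the first configuration of a metadata file."""
    root = ET.fromstring(xml_text)
    # Metadata is either a single EntityDescriptor or an EntitiesDescriptor wrapper.
    is_single = root.tag == f"{{{NS['md']}}}EntityDescriptor"
    entities = [root] if is_single else root.findall(".//md:EntityDescriptor", NS)
    if not entities:
        raise ValueError("no EntityDescriptor in metadata")
    entity = entities[0]  # only the first configuration is considered
    idp = entity.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("first EntityDescriptor has no IDPSSODescriptor")
    sso = idp.find("md:SingleSignOnService", NS)
    slo = idp.find("md:SingleLogoutService", NS)
    fingerprints = []
    for key in idp.findall("md:KeyDescriptor", NS):
        if key.get("use", "signing") != "signing":
            continue  # skip encryption-only keys
        for cert in key.findall(".//ds:X509Certificate", NS):
            der = base64.b64decode("".join((cert.text or "").split()))
            fingerprints.append(hashlib.sha256(der).hexdigest())
    fields = {
        "idp_issuer": entity.get("entityID"),
        "idp_sso_url": sso.get("Location") if sso is not None else None,
        "request_binding": sso.get("Binding") if sso is not None else None,
        "sso_logout_url": slo.get("Location") if slo is not None else None,
        "cert_sha256": fingerprints,
    }
    # Anything empty was not detected and would have to be entered manually.
    missing = [name for name, value in fields.items() if not value]
    return {**fields, "missing": missing, "configs_in_file": len(entities)}

# Constructed sample with two configurations; the certificate is placeholder bytes, not real X.509.
SAMPLE_CERT_DER = b"constructed placeholder, not a real certificate"
SAMPLE_METADATA = f"""<md:EntitiesDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}">
 <md:EntityDescriptor entityID="https://idp.example.com/metadata">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
   <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>{base64.b64encode(SAMPLE_CERT_DER).decode()}</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
   <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://idp.example.com/sso"/>
  </md:IDPSSODescriptor></md:EntityDescriptor>
 <md:EntityDescriptor entityID="https://other.example.com/metadata"/>
</md:EntitiesDescriptor>"""
```

If `configs_in_file` is greater than 1, check that the first entry is the IDP you intend to trust. For metadata fetched from a URL you do not control, parse it with a hardened XML library such as defusedxml instead of the standard parser.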