Setting up SAML Sign-On

Secure Transparent Sign-On is available for the Glance Client, Glance Screen Share, Glance Device Casting, and Glance Cobrowse.

Glance’s service is a SAML 2.0 Service Provider (also sometimes known as a relying party). Glance integrates with customer-furnished Identity Providers for secure transparent sign-on. Glance services work correctly when sign on is initiated either by the Service Provider or the Identity Provider.

SAML 2.0-compliant Identity Provider services include (among others):

  • Ping
  • One Login
  • Salesforce.com
  • Microsoft Active Directory Federation Services (ADFS)
  • Microsoft Azure AD
  • CA Single Sign-On (formerly CA SiteMinder)
  • Okta
  • Shibboleth

As of Glance 3.6, Glance’s SAML provides automatic provisioning of new subscribers. If you wish to use automatic provisioning, please contact Glance Customer Success.

Setup

A Metadata Discovery Endpoint is needed from your identity provider. This is a small XML file or a URL for fetching the file. You also need to tell Glance the name of the attribute in your SAML protocol to use to identify your users. (See the Provisioning section) An administrator in your organization can obtain this information.

The Glance service provider usually has this Entity ID, but it can be changed if necessary.

glance.net/sp/1

The Glance service provider generally has this POST Assertion Consumer Service (ACS) URL. Note, however, that particular identity provider software may require something different.

https://www.glance.net/account/GetLoginKey.aspx?sso=1&idpid=EXAMPLE

Your identity provider may require an ACS prefix. It is: https://www.glance.net/

Please enter this information into your identity provider configuration without line breaks. Replace EXAMPLE with the value provided to you by Glance Customer Success.