CAPSYS CAPTURE Administrator Reference
Click here to see this page in full context

Enabling SAML

NOTE: SAML support for CAPSYS CAPTURE requires the purchase of CAPSYS' SAML Module Licensing.  Contact your Authorized CAPSYS Technologies Reseller, CAPSYS Technologies Sales Representative or sales@capsystech.com. You need an account with an Identity Provider to use SAML with CAPSYS CAPTURE. CAPSYS CAPTURE requires SAML 2.0 and will function as a Service Provider. Before setting up CAPSYS CAPTURE, you will need to create an Application with the Identity Provider and setup your users. CAPSYS CAPTURE (the Service) will be the SAML initiator.

 

Enable SAML Settings in CAPSYS CAPTURE  Process Manager

SAML Support must be enabled in the Settings Panel in the CAPSYS CAPTURE  Process Manager. From the CAPSYS CAPTURE Process Manager:

  1. Toggle the General Settings button on the Process Manager Toolbar to access the CAPSYS CAPTURE System Settings Panel.
  2. Select the Use a SAML Provider for User Authentication check box.

                                   

Figure 1 - User options

Enter IdP Information

CAPSYS CAPTURE needs three pieces of information from the ID Provider (IdP): the EntityID, Provider URL and a Certificate. The IdP will usually make this information available in an XML Metadata file.

Figure 2 - Google SAML Metadata

Figure 3 - OneLogin SAML Metadata

 

If you have a metadata XML file, use the 'Import' button to load the metadata. If not, enter each value in the appropriate field. Also, ensure that the EntityID field is correct. The value in the metadata XML file isn't always correct. For example, the Google SAML shown above uses 'CAPSYS' as the EntityID. But, the metadata XML file has a different value for the EntityID.

 

Create One or More User Accounts

After following the steps above, accounts may be created using the steps outlined in the topic Creating Users and Groups. Each account created will be added to the system as a "SAML" account type. Be aware that at this point the account has no CAPSYS CAPTURE Client permissions to use batch profiles, document types, or workflow queues. You must configure these settings to complete each account's setup.

 

Auto-provision User Accounts

Instead of creating all the user accounts ahead of time, you can check the 'Use auto-provisioning' checkbox and provide a Group. Setup this Group with any permissions that you want the SAML users to have by default. Then, on login, CAPSYS CAPTURE will automatically create an account for any authenticated SAML user and the user will inherit all the permissions from the Group.

 

Related Topics: