SAML Single Sign-On

About SAML Single Sign-On

Security Assertion Markup Language (SAML) single sign-on is the standard method Texas State uses to allow users to log into third party or cloud applications using their NetID and password.

• Available to: Faculty, Staff, Students
• Where to use: Online
• Cost: Free

Get Started

Follow these steps to get started with SAML:

1. Collect the following information from the Service Provider:

• Vendor Name and Contact information
• Whether the vendor is a member of InCommon
• Metadata URL Location or XML file.
  • Metadata is required. If the vendor does not provide metadata, the requestor can attempt to create it for them and attach it to the ticket. Systems team does not create metadata for vendors.
• Available landscapes (development, qual, production)
• Whether the service is fully SAML2 compliant
• Whether the service supports Encrypted and Signed assertions
• Minimum attributes required
• Unique identifier to be used (NetID, Texas State ID, email address)
• Any other attributes needed
• A copy of the privacy policy (or URL) that governs what is done with data released
• Any custom attributes required

2. Submit a SAML Single Sign-On service request.

3. After approval by the Information Security Office, Texas State (the Identity Provider or IDP) will configure a trust relationship with the Service Provider (SP) in a development or qual environment on our end and preferably in a non-production environment on the SPs end also. Once validated, we duplicate the settings in production.

NOTE: Texas State does not offer vendors a test account. We test the functionality of the connections with the vendor and help them troubleshoot any issues as they arise.

Learn

Texas State Identity Provider (IDP) endpoints:

List of attributes Texas State can potentially make available to Service Providers.

Need help? Contact us.