SAML 2.0 single sign-on

Unica Platform supports SAML 2.0-based single sign-on.

In this mode, Unica users can be authenticated against any external or corporate identity provider (IdP) that follows the standard SAML 2.0 protocol. The identity provider generates the SAML assertion, which Unica Platform then uses to log the user in. A fully functional SAML 2.0 IdP server is therefore a prerequisite for this integration.

After you set up the required configuration properties and a metadata file, users who attempt to log in through the Unica Platform login page are authenticated through your organization's SAML 2.0 Identity Provider (IdP) server.

A configuration property, Add authenticated users to Platform, enables automatic creation of a Unica Platform account for any authenticated user who does not have a Unica Platform account. These users are automatically added to a default user group, ExternalUsersGroup, which has only the PlatformUser role initially. Alternatively, you can specify a custom group to which users are added.

If the Add authenticated users to Platform property is not enabled, users must have a Unica Platform account to log in.

A Unica Platform administrator can manage group memberships and roles to configure access to Unica products for the automatically created users.

The following diagram illustrates the SAML 2.0-based single sign-on mode in Unica.