SAML 2.0 single sign-on
Marketing Platform supports SAML 2.0 based single sign-on.
In this mode, HCL® Marketing Software users can be authenticated against any external or corporate identity provider that follows the standard SAML 2.0 protocol. Identity providers generate the SAML assertion, which is then used by Marketing Platform to allow users to log in. Therefore, a fully functional SAML 2.0 IdP server is a prerequisite for this integration.
After you set up the required configuration properties and a metadata file, users who attempt to log in through the Marketing Platform login page are authenticated through your organization's SAML 2.0 Identity Provider (IdP) server.
A configuration property, Add authenticated users to Marketing Platform, enables automatic creation of a Marketing Platform account for any authenticated user who does not have a Marketing Platform account. These users are automatically added to a default user group, ExternalUsersGroup, which has only the PlatformUser role initially. Alternatively, you can specify a custom group to which users are added.
If the Add authenticated users to Marketing Platform property is not enabled, users must have a Marketing Platform account to log in.
A Marketing Platform administrator can manage group memberships and roles to configure access to HCL Marketing Software products for the automatically created users.
The following diagram illustrates the SAML 2.0 based single sign-on mode in HCL Marketing Software.