The SAML integration with Webdam should be handled by the company’s SAML admin. The SAML admin will require a Webdam account with admin privileges.
- Log into Webdam as an admin.
*The domain highlighted in red should be replaced with your Webdam domain.
- Access the Webdam SAML configuration
Settings -> System Preferences -> SAML Settings (left navigation menu)
- Download Webdam’s SP Metadata XML file by clicking on Download.
- Add Webdam’s SP Metadata XML file into your company’s IdP.
Please ignore the NOTE section that says not to set the claim with "NAME ID" as "Outgoing Claim type"
- Upload your company’s IdP XML file into Webdam, in the “Upload Identity Provider’s …” section
- Webdam requires the following attributes from the IdP:
- first name
- last name
- email fields
Configure the attributes returned by the IdP to properly map to Webdam’s defined fields in the “Mappings” section.
The ‘Last parsed attribute fields…’ section displays the attribute information returned by the IdP from the last login. Use this section to help properly map the IdP attributes to the Webdam fieldnames.
Note: This section will be empty until a SAML login is performed. See “Testing SAML login” below. If the section remains empty after a SAML login, the IdP may not be properly configured to return attributes to the SP (Webdam).
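When the “Last parsed attribute fields…” section stays empty or a mapping does not take effect, it helps to look at what the IdP actually sent. The following is an added example, not Webdam code: it reads the base64 `SAMLResponse` form field captured from the browser's POST back to Webdam and checks a mapping against the three required fields. The attribute names `givenName`, `sn` and `mail` and the sample response are constructed for illustration, and the script only inspects the message; it does not validate signatures.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
REQUIRED = ("first name", "last name", "email")  # fields the page says Webdam requires


def parse_attributes(saml_response_b64):
    """Return {IdP attribute name: [values]} from a base64 SAMLResponse (HTTP-POST binding)."""
    raw = base64.b64decode(saml_response_b64)
    # SAML messages never need a DTD; refuse one instead of letting the parser expand entities.
    if b"<!DOCTYPE" in raw or b"<!ENTITY" in raw:
        raise ValueError("DTD/entity declarations are not expected in a SAML message")
    root = ET.fromstring(raw)
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.iterfind("saml:AttributeValue", NS)]
        attrs[attr.get("Name")] = values
    return attrs


def check_mapping(attrs, mapping):
    """mapping: required field -> IdP attribute name. Return a list of problems found."""
    problems = []
    for field in REQUIRED:
        name = mapping.get(field)
        if name is None:
            problems.append(f"{field}: no IdP attribute mapped")
        elif name not in attrs:
            problems.append(f"{field}: IdP did not send '{name}'")
        elif not any(attrs[name]):
            problems.append(f"{field}: '{name}' was sent empty")
    return problems


# Constructed sample response: the IdP releases 'sn' but with no value.
SAMPLE_XML = b"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion><saml:AttributeStatement>
<saml:Attribute Name="givenName"><saml:AttributeValue>Ada</saml:AttributeValue></saml:Attribute>
<saml:Attribute Name="mail"><saml:AttributeValue>ada@example.com</saml:AttributeValue></saml:Attribute>
<saml:Attribute Name="sn"><saml:AttributeValue></saml:AttributeValue></saml:Attribute>
</saml:AttributeStatement></saml:Assertion></samlp:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML).decode("ascii")

if __name__ == "__main__":
    sent = parse_attributes(SAMPLE_B64)
    mapping = {"first name": "givenName", "last name": "sn", "email": "mail"}
    print(sent)
    print(check_mapping(sent, mapping) or "all required attributes present")
```

If the IdP encrypts assertions, the response carries an `EncryptedAssertion` element instead and this script will report every attribute as not sent.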
ADFS attribute mappings:
OneLogin attribute mappings:
Shibboleth attribute mapping:
Testing SAML login
- Use the following URL to test SAML login:
*Remember to use your Webdam domain.
- The browser will redirect to the company’s IdP. After providing SAML credentials, the user should be redirected back to Webdam, authenticated.
*Receiving the “registration successful” notification indicates that SAML authentication was successful, but the new user account created in Webdam is set to inactive. To allow new users to log into Webdam automatically, log into Webdam as an admin, navigate to Settings -> System Preferences, and uncheck “New users must be approved after registering”.
- Verify that the user’s account is automatically created in Webdam by logging into Webdam as an admin. Navigate to Permissions -> Users and check that the user account exists. If the user account is not created, check the attribute field configurations (Step 6 in SAML setup).
Enabling SAML login
- After verifying SAML login is working, access the Webdam SAML configuration page (http://company.webdamdb.com/cloud/#settings/settings/saml-config) and enable SAML in the “SAML Page Button” section.
- The Webdam splash page (http://company.webdamdb.com/splash.php) should now display the “Internal Login” button triggering SAML login.
*Customers may implement SAML at any time, but it is recommended to set up SAML during the initial onboarding process. Customers that implement SAML after their initial implementation might run into duplicated user accounts. To avoid this, ensure that the username attribute returned by the IdP is the same as the current username in Webdam. When the username returned by the IdP is not found in Webdam, a new Webdam user account will be created.