Native SAML 2.0 for Single Sign-On

This topic is only applicable to on-premises installations.

This feature provides native SAML 2.0 support for single sign-on (SSO) in the Archer platform. Previously, with Federation Single Sign-On option, Microsoft ADFS service was also required when using a SAML-capable Identity Provider. With native SAML 2.0 support, choosing the SAML option in the Archer Control Panel allows Archer to communicate directly with Identity Providers that support SAML 2.0. Administrators continue to use the Federation option for SSO when using ADFS as the Identity Provider. Switch to SAML mode for ADFS configurations and utilize the Signing and Encryption certificate option under SAML mode for enhanced security of authentication assertions issued by ADFS.

Performance analysis notes for Native SAML 2.0 for Single Sign-On

No significant time difference was observed when establishing an Archer session through manual or SAML login.

When “Enable User Update” was turned on in the Archer Control Panel, with fields such as FirstName, LastName, Company, Title, PhoneNumber, FullAddress etc., updated through the SAML login process, no significant overhead was observed in the login process. The login time with and without profile updates remained approximately the same.