Skip to main content

Entity Group

Federation membersDefinition

Entity Group

An entity group is just like a folder that allows you to manage different kinds of federation members. One of the most common ways to group federation members is by trust level.

Identity Provider

An identity provider (abbreviated IdP or IDP) is a system entity that creates, maintains, and manages identity information for principals and also provides authentication services to relying applications within a federation or distributed network.

An Identity Provider is responsible for identifying users. Also, it is responsible for giving service providers information regarding the identifed use.

To create an identity provider, it is advisable to install a dedicated sync server. It can be configured as a proxy sync server as it does not need direct access to Soffid database. Instead, it will connect to main sync server to get users and federation information.

For more information about how to config a dedicated sync server you can visit the Install Sync server page.

Virtual Identity Provider

A single identity provider usually offers different profiles or service levels to diffeferent service provider. To be able to define this behavior, any Identity Provider can be split into many virtual identity providers. Those identity providers will be served by the same actual identity provider, but they will have different profile configurations.

Service Provider

The Service Providers are standard application servers that relays on Identity Providers to let the users log in.

To join the federation, the service provider management team must deliver its "Metadata". The service provider Metadata describes how the service providers behaves:

  • Which security algorithms does it support.
  • The public portion of its signing and encrypting keys.
  • The SAML protocols does it support.
  • The URL of each SAML protocol endpoint.
  • Contact information.

To let a service provider join your federation, simply click on the Service Providers node of the left hand side tree, click on the "Add" button and enter the required information:

  1. Public ID. It must match the EntityID at service provider metadata.
  2. Name. Enter a member description.
  3. Metadata. Paste the metadata sent by the member administrator.
Back to top