Single Sign On via SAML

CompleteFTP is virtually unrivalled when it comes to versatility and the capability for you to flex according to your customers' and users' requirements. A popular method of authentication, amongst CompleteFTP's plethora of authentication options, is SAML, available in CompleteFTP Enterprise Edition. This rigorous authentication method has been added to our product because we realize that many of your users prefer to make life easier. This is especially so when it comes to retaining and storing all those passwords and login credentials, which can so easily become a security hazard themselves when users end up writing them down or storing them in an insecure manner.

Delegate Authentication of Users

The great advantage of our SAML Single Sign On feature is that it allows multiple systems to delegate authentication of users to a single authentication server.

This means that accounts for access to many systems may be maintained in a single system. SAML (Security Assertion Markup Language) involves three parties:

  1. A normal web-browser
  2. A Service Provider (SP)
  3. An Identity Provider (IDP)

The SP is the web-server that the person using the browser wants to access, and the IDP is the server on which the person has an account. There is a trust-relationship between the SP and the IDP. In particular, the SP trusts the IDP when the IDP says that the client is allowed to log in. This relationship is established through the exchange of SSL certificates wrapped up in packages referred to as metadata. The SP must almost always have the IDP's metadata installed before it can accept connections, so that it can verify messages from the IDP. The IDP doesn't always require the SP's metadata as it doesn't itself expose sensitive data. The exchange of metadata must happen before logins are possible.

CompleteFTP can be configured as a SAML SP (Service Provider). It can delegate authentication to an IDP but it can't itself act as an IDP. One example of a reliable IDP that works hand in hand with CompleteFTP is OneLogin. Turning your CompleteFTP server into an SP has many great advantages, such as broadening your access potential and allowing 3rd parties to authenticate with you via the IDP authentication process. We are excited about this addition, which complements CompleteFTP’s already amazing feature list!

Other features