

SAML is an open-standard format for exchanging authentication and authorization data between an identity provider (IdP) and a service provider (SP).
Note: As a service provider, Relativity supports SAML IdP-initiated single sign-on (SSO). However, it does not support SP-initiated SSO.
Relativity uses SAML assertions (tokens) to verify the users mapped to the identity provider. A SAML assertion contains information on the identity of the individual who has logged in. It also names the identity provider that issued the assertion, known in Relativity as the Issuer URL. Each assertion is typically prepared for a specific receiver, known as the Audience. Assertions protect this information by cryptographically signing it. An assertion is only valid if it comes from a known Issuer URL, is addressed to the expected Audience, and is correctly signed.
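The three validity conditions above can be checked offline against a captured assertion when a login is rejected. The following is an added troubleshooting example, not Relativity code: the `diagnose` function, the sample assertion, and the `example.test` hosts are constructed for illustration, and the signature check only confirms that a signature element is present.

```python
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML, "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample assertion: placeholder hosts, signature body elided.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_a1" Version="2.0"
    IssueInstant="2024-01-01T00:00:00Z">
  <saml:Issuer>http://adfs.example.test/adfs/services/trust</saml:Issuer>
  <ds:Signature><ds:SignedInfo/></ds:Signature>
  <saml:Subject><saml:NameID>user@example.test</saml:NameID></saml:Subject>
  <saml:Conditions><saml:AudienceRestriction>
    <saml:Audience>https://sp.example.test/Relativity</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions>
</saml:Assertion>"""


def diagnose(xml_text, issuer_url, audience):
    """Return the reasons an assertion does not match the provider settings."""
    root = ET.fromstring(xml_text)
    # Accept a bare Assertion or one wrapped in a samlp:Response.
    tag = f"{{{SAML}}}Assertion"
    a = root if root.tag == tag else root.find(".//saml:Assertion", NS)
    if a is None:
        return ["no Assertion element found"]
    problems = []

    # Issuer and Audience are compared as exact strings, so a trailing
    # slash or a case difference counts as a mismatch.
    issuer = a.findtext("saml:Issuer", default="", namespaces=NS).strip()
    if issuer != issuer_url:
        problems.append(f"issuer mismatch: got {issuer!r}")

    path = "saml:Conditions/saml:AudienceRestriction/saml:Audience"
    audiences = [e.text.strip() for e in a.findall(path, NS) if e.text]
    if audience not in audiences:
        problems.append(f"audience mismatch: got {audiences!r}")

    # Presence only: verifying the signature against the IdP certificate
    # needs an XML-DSig library and is not done here.
    if a.find("ds:Signature", NS) is None:
        problems.append("assertion is not signed")

    name_id = a.findtext("saml:Subject/saml:NameID", default="", namespaces=NS)
    if not name_id.strip():
        problems.append("no NameID in Subject")
    return problems
```

An empty list means the Issuer, Audience, and NameID line up with the configured values; it does not prove the signature is valid.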
To add a SAML 2.0 authentication provider, complete the fields below.
Authentication Provider Information
Authentication Provider Settings
The following sections provide guidelines for integrating Relativity with Okta and ADFS.
This is an example of configuring Okta.
Initial configuration:
Note: Single Sign On using SAML will not work until you configure the app to trust Okta as an IdP.
Next, set up the SAML 2.0 authentication provider in Relativity:
You have now set up your Relativity instance to listen for SAML 2.0 assertions at a given endpoint on your server (the Redirect URL).
Next, finish setting up the SAML IdP in Okta:
You have now configured Okta to send SAML 2.0 assertions to your Relativity instance, and Relativity is set up to verify the SAML assertions.
Note: You must also assign Okta users to the SAML application, and then map the users to the SAML login method in Relativity. When configuring the login method, you must specify the user's email in the SAML2 Subject field (if you select Email as the application username in Okta). For more information, see Managing user authentication methods.
You can also configure ADFS as a SAML 2.0 authentication provider for Relativity.
Note these terminology differences between Relativity and ADFS:
Relativity | ADFS | |
---|---|---|
Audience | Relying Party Identifier(s) | https://[company name].relativity.one/Relativity |
Redirect URL | End-Point URL | https://[company name].relativity.one/Relativity/Identity/<random string> |
Issuer URL | Services Trust End-Point (SAML) | http://<adfs-service>/adfs/services/trust |
SAML Subject Name | Claim Type | Name ID, E-Mail Address, UPN (Leave blank in Relativity SAML Provider configuration) |
n/a | Claim Rules | Incoming, Transformation, Outgoing Claim Rules (see below) |
When setting up claim rules, you must send Name ID as the default claim type for Relativity. Use these guidelines: