7fivefive Lens supports SAML (Security Assertion Markup Language) for logging into the portal. Using SAML allows for easy user provisioning and gives users a single login to remember across all their enterprise applications.
This article explains how to configure the Lens Portal to be a SAML service provider (SP). Some SAML identity providers (IDPs) use different terminology for fields or attributes, but we will try to cover the most common ones.
You will need administrator access to the 7fivefive Lens Portal.
You will need administrator access to your SAML identity provider.
Configuring the IDP
Each IDP is different; however, the following table should be all you need to configure the application in your IDP:
IdP Entity ID
This can be anything you like, but make a note of this for later in the process.
SP Entity ID/Application SAML audience/Metadata URL
ACS URL/Application ACS URL
The Lens Portal looks for the following attributes in SAML requests. Not all of them are required, but all are recommended. The attribute names are case-sensitive.
This should be the username that users will log into remote edit workstations with.
The user's first name
The user's last name
The user’s email address
The Lens Portal looks for the following group attributes in SAML requests. Providing group attributes allows Lens to automatically assign the correct role to users when they connect to the portal upon user provisioning. See the role mapping page for more information.
If group attributes are not provided, then when a SAML user is provisioned in the Lens Portal, they will automatically get the Remote Edit User role.
This should be a list of groups that the user is part of.
Configuring the Lens Portal (SP)
Once you have created the application in the SAML IDP, you will need to download the IDP certificate and make a note of the following:
IDP URL/sign-in URL
IdP Entity ID
Configure SAML in the Lens Portal
Log in to the Lens Portal. The user must have the 'Access to Settings' permission for the location where the scheduler will be enabled.
In the left sidebar, open the Configuration menu, then select the General group, select the 7fivefive Lens Public FQDN field, and enter the FQDN for the Lens Portal. This should be without a protocol prefix, like https://. An example of a valid FQDN is:
In the SAML provider name field, enter whatever you would like to be shown on the login page on the SSO button. This will be prefixed with 'Sign in with'. For example, if you enter 'Okta' in the field, then the button will be 'Sign in with Okta'.
In the SAML Issuer URL/IDP Entity ID field, enter the IDP entity ID from the previous section.
In the SAML SSO URL field, enter the IDP URL/sign-in URL from the previous section.
In the SAML IDP certificate field, click the Choose file button. Select the IDP certificate downloaded previously. Alternatively, you can copy and paste this into the text field.
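The FQDN and certificate values can be checked before they are entered in the portal. The following Python is an added example, not part of the 7fivefive documentation or product: it rejects an FQDN that carries a protocol prefix, confirms the IDP export holds exactly one certificate and no private key, and computes a SHA-256 fingerprint to compare against one obtained from your IDP (an assumption: your IDP displays one). The function names, lens.example.com and the placeholder certificate are all constructed for illustration.

```python
import base64
import hashlib
import re

_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")  # one DNS label
_CERT = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def check_fqdn(value):
    """Problems with a '7fivefive Lens Public FQDN' value (empty list = OK)."""
    v, problems = value.strip(), []
    if "://" in v:
        problems.append("has a protocol prefix")
        v = v.split("://", 1)[1]
    if re.search(r"[/:?#@\s]", v):
        return problems + ["has a path, port, query or whitespace"]
    labels = v.rstrip(".").split(".")
    if len(v) > 253 or len(labels) < 2 or not all(_LABEL.fullmatch(l) for l in labels):
        problems.append("is not a fully qualified domain name")
    return problems

def cert_fingerprint(pem_text):
    """SHA-256 fingerprint of the single certificate in an IDP export."""
    if "PRIVATE KEY-----" in pem_text:
        raise ValueError("contains a private key; export the certificate only")
    blocks = _CERT.findall(pem_text)
    if len(blocks) != 1:
        raise ValueError(f"expected exactly one certificate, found {len(blocks)}")
    # Strip line breaks, then decode strictly so stray characters are rejected.
    der = base64.b64decode("".join(blocks[0].split()), validate=True)
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def preflight(fqdn, pem_text):
    """Map each portal field to its problems; an empty dict means all passed."""
    report = {"7fivefive Lens Public FQDN": check_fqdn(fqdn)}
    try:
        cert_fingerprint(pem_text)
    except ValueError as exc:
        report["SAML IDP certificate"] = [str(exc)]
    return {field: found for field, found in report.items() if found}

# Constructed sample: placeholder bytes in a PEM wrapper, not a real certificate.
_B64 = base64.b64encode(b"constructed placeholder bytes").decode()
SAMPLE_PEM = f"-----BEGIN CERTIFICATE-----\n{_B64}\n-----END CERTIFICATE-----\n"

if __name__ == "__main__":
    print(preflight("https://lens.example.com", SAMPLE_PEM))
    print(cert_fingerprint(SAMPLE_PEM))
```

The fingerprint check only confirms that the file you upload is the one your IDP issued; it does not validate the certificate's expiry or key strength.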