Customize > SAML Integration

You can use the SAML Integration area to customize the SAML integration settings,
allowing you to use SAML connections to access Xactly Incent.

note: You can configure a seamless single sign on (SSO) experience for your users that uses SAML and OAuth together. To do so, select the Enable SP-initiated SSO option when configuring SAML integration and then contact Xactly Support to enable SAML/OAuth integration. In this case, you do not need to configure OAuth using the Setup > Customize > OAuth Integration area.

Screen

screen-shot-2016-09-26-at-10-17-12-am

SAML Integration Screen

Required Fields

The following table describes the required information you need to specify when customizing
SAML integration:

screen-shot-2016-09-26-at-10-17-32-am

Optional Fields

The following table describes the optional information you can specify when customizing
SAML integration:

screen-shot-2016-09-26-at-10-17-41-am

All Fields

The following table describes the information you need to specify when customizing
SAML integration:

screen-shot-2016-09-26-at-10-18-05-am

How to…

This section describes the tasks you can perform when customizing SAML integration.

Specify the SAML Integration Settings

1. Click the Setup tab, then click Customize > SAML Integration in the secondary
menu. The SAML Integration screen appears.

2. In the SAML Version* field, choose the SAML version using the drop-down list.

3. In the Entity Id* field, type the entity ID of the identity provider.

4. In the SAML Issuer URL* field, type the URL of the SAML issuer.

5. (Optional) In the Custom Error URL field, type the URL for any errors that occur with
the SAML integration.

6. In the Primary Certificate* field, choose the primary certificate using the dropdown
list.

7. (Optional) In the Secondary Certificate field, choose the secondary certificate
using the drop-down list.
Xactly Incent uses the secondary certificate if the primary certificate has expired.
If both certificates have expired, Xactly Incent generates an error.

8. (Optional) In the Expiry Reminder field, type the number of days (between 1 and
999) prior to a certificate expiring that Incent should send an expiry notification
email to the designated address.
Incent only sends notifications for the primary and secondary certificates. By
default, Incent does not send an expiry reminder.

9. (Optional) In the Notification Email field, type the email address of the person who
should receive an expiry notification for any loaded SAML certificates.

10. (Optional) In the Custom Logout URL field, type the URL to which users should be
redirected after logging out from Incent.

11. (Optional) In the Enable SP-initiated SSO field, select the checkbox to enable SPinitiated
Single Sign-On to Xactly Incent.

Enabling this option causes all subsequent user login attempts to redirect to your
Identity Provider (IdP) system, including those through the main Xactly Incent login
page as well as those through Single Sign-On (SSO) integrations such as Salesforce.com
and Oracle CRM On Demand.

Enabling this option also allows users to activate SSO using the Xactly Incent for
iPad app.

12. (Optional) In the Single Sign-on Service URL field, type the URL to which users
should be directed to authenticate access to Incent.

13. (Optional) In the Enable SP-initiated SLO field, select the checkbox to enable SPinitiated
Single Logout from Xactly Incent.

Enabling this option allows users to log out of all participating sites in a federated
session essentially simultaneously.

14. (Optional) In the Single Logout Service URL field, type the URL that Xactly should
use to initiate a logout action on your organization’s identity provider (IDP).

This is the URL used for SP-initiated SAML interactions. When a user clicks the Logout
button in Xactly Incent, the user is logged out of Incent and a logout action is initiated
on your organization’s IDP using this URL. The user is then redirected to the
URL specified in the Custom Logout URL field.

note: For IDP-initiated SAML interactions, the IDP can use the Single Logout URL,
specified in the Xactly SP metadata file, to initiate a logout action on Xactly
Incent.

15. Click the button.

Display Xactly Service Provider Metadata

• Click the SAML 2.0 or SAML 1.1 link to display the corresponding Xactly Service Provider
metadata, respectively. The metadata appears in a new window.