NIM

SAML

NIM supports SAML for authentication. This allows NIM to authenticate users from a range of external systems that support SAML, including Microsoft Entra, Google Workspace and Okta. Users can access NIM applications without creating separate passwords within NIM itself, which simplifies deploying NIM Apps: NIM relies on the existing user credentials held by these external systems.

Requirements
Configure Microsoft Azure (Entra) SAML
  1. Add Enterprise App to Entra

    1. Select Create your own application

  2. Enable Single Sign-On

    1. Enable SAML

    2. Ensure that Verification Certificates - Required is set to No

      entra-saml-verification-certificates.png
    3. Under the Sp tab, uncheck Signed authn requests

      entra-saml-signed-authn-request.png
    4. Download metadata from Federation Metadata XML under SAML Certificates

      Warning

      DO NOT copy the URL from the App Federation Metadata XML entry. That has a different certificate which does not match the assigned cert for the app. You must download the Federation Metadata XML, as shown below.

      saml-entra-metadata.png
  3. Open NIM Studio

    1. Go to Configuration > SAML

    2. Click Add Button

    3. Enter a Name for the configuration (e.g. Azure)

    4. The metadata downloaded from Entra should now be uploaded to the Idp Metadata field. Then click Create

      NIM_Configuration_SAML_Add.png
  4. Click on the newly created configuration in the grid to select it. A metadata URL is then provided to upload to Azure

    NIM_Configuration_SAML_URLs.png
  5. Update the following NIM Configuration settings

    1. Idp

      NIM_Configuration_SAML_Azure_Config_IDP.png
    2. Sp

      NIM_Configuration_SAML_Azure_Config_Sp.png
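
To check the certificate mismatch that the warning in step 2 describes before uploading a metadata file to the Idp Metadata field, the following added example (not part of NIM or of this documentation's own tooling) lists the IdP signing certificate thumbprints found in a SAML metadata file. It assumes you compare them against the SHA-1 thumbprint your IdP displays for the app's assigned certificate; the function names and the sample metadata are constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
DS = "{http://www.w3.org/2000/09/xmldsig#}"

def idp_signing_thumbprints(metadata_xml):
    """Map each entityID to the SHA-1 thumbprints of its IdP signing certificates."""
    root = ET.fromstring(metadata_xml)
    result = {}
    # iter() also yields the root, so a bare EntityDescriptor and an
    # EntitiesDescriptor wrapper are both handled.
    for entity in root.iter(MD + "EntityDescriptor"):
        prints = []
        for kd in entity.findall(f"{MD}IDPSSODescriptor/{MD}KeyDescriptor"):
            # A KeyDescriptor with no "use" attribute serves signing and encryption.
            if kd.get("use", "signing") != "signing":
                continue
            for cert in kd.iter(DS + "X509Certificate"):
                der = base64.b64decode("".join((cert.text or "").split()))
                if der:
                    prints.append(hashlib.sha1(der).hexdigest().upper())
        result[entity.get("entityID")] = prints
    return result

def thumbprint_matches(metadata_xml, expected):
    """True if the expected thumbprint is among the IdP signing certificates."""
    want = expected.replace(":", "").replace(" ", "").upper()
    found = idp_signing_thumbprints(metadata_xml)
    return any(want in prints for prints in found.values())

# Constructed sample: the "certificate" is placeholder bytes, not a real X.509 cert.
SAMPLE_DER = b"constructed-placeholder-not-a-real-certificate"
SAMPLE_THUMBPRINT = hashlib.sha1(SAMPLE_DER).hexdigest().upper()
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://idp.example.test/constructed">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><X509Data>
        <X509Certificate>{base64.b64encode(SAMPLE_DER).decode()}</X509Certificate>
      </X509Data></KeyInfo>
    </KeyDescriptor>
  </IDPSSODescriptor>
</EntityDescriptor>"""

if __name__ == "__main__":
    print(idp_signing_thumbprints(SAMPLE_METADATA))
    print(thumbprint_matches(SAMPLE_METADATA, SAMPLE_THUMBPRINT))
```

For a real file, pass its bytes (for example `open(path, "rb").read()`) to `thumbprint_matches` together with the thumbprint copied from the IdP.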
Configure Google Workspace SAML
  1. Set up your own custom SAML app in Google Workspace

  2. Download IDP Metadata

  3. Open NIM Studio

    1. Go to Configuration > SAML

    2. Click Add Button

    3. Enter a Name for the configuration (e.g. Google)

    4. The metadata downloaded from Google should now be uploaded to the Idp Metadata field. Then click Create

      NIM_Configuration_SAML_Add.png
    5. Click on the newly created configuration in the grid to select it. URLs are given to be added to Google

      NIM_Configuration_SAML_Google_URLs.png
  4. Return to Google and configure the following URLs

    1. ACS URL: <NIM ACS Callback URL>

    2. Entity ID: <NIM Metadata URL>

    3. Signed Response: Enabled/Checked

    4. Name ID Format: EMAIL

    5. Name ID: Basic Information > Primary Email