Skip to main content

NIM

SAML

NIM supports SAML for authentication, providing a versatile and secure method for user verification. This capability allows NIM to authenticate users from a range of external systems that support SAML, including Microsoft Entra, Google Workspace and Okta. The advantage of using SAML for authentication in NIM is the convenience it offers; users can access NIM applications without the need for creating separate passwords within NIM itself. This feature simplifies the process of deploying NIM Apps, as it integrates with existing user credentials from these external systems, streamlining access and maintaining security.

Requirements

  • User must exist in NIM's internal user table with matching email address or username.

  • Internal users' authmethod property must be saml<Name>

    Note

    For example, if your SAML configuration in NIM is named "Azure", users' authmethod should be samlAzure.

  • HTTPS Enabled

  • External host URL properly configured

Configure Microsoft Azure (Entra) SAML

  1. Add Enterprise App to Entra

    1. Select Create you own application

  2. Enable Single Sign-On

    1. Enable SAML

    2. Ensure that Verification Certificates - Required is set to No

      entra-saml-verification-certificates.png

    3. Under the Sp tab, uncheck the Signed authn requests

      entra-saml-signed-authn-request.png

    4. Download metadata from Federation Metadata XML under SAML Certificates

      Warning

      DO NOT copy the URL from the App Federation Metadata XML entry. That has a different certificate which does not match the assigned cert for the app. You must download the Federation Metadata XLM, as shown below.

      saml-entra-metadata.png

  3. In the Users and groups section of your app, assign the users and groups that should be able to log into NIM.

    azure-entra-users-and-groups.png

  4. Open NIM Studio

    1. Go to Configuration > SAML

    2. Click Add Button

    3. Enter a Name for the configuration (e.g. Azure)

    4. The metadata downloaded from Entra should now be uploaded to the Idp Metadata field. Then click Create

      NIM_Configuration_SAML_Add.png

  5. Click on the newly created configuration in the grid to select it. A metadata URL is then provided to upload to Azure. Download the metadata file and upload it to your Azure app. This will automatically fill in the app's required fields.

    NIM_Configuration_SAML_URLs.png

  6. Click the UI_Edit.png button next to your SAML app to modify its settings. Ensure the settings in the Idp and Sp tabs resemble the following screenshots:

    1. Idp

      NIM_Configuration_SAML_Azure_Config_IDP.png

    2. Sp

      NIM_Configuration_SAML_Azure_Config_Sp.png
Configure Google Workspace SAML

  1. Setup your own custom SAML app in Google Workspace

  2. Download IDP Metdata

  3. Open NIM Studio

    1. Go to Configuration > SAML

    2. Click Add Button

    3. Enter a Name for the configuration (e.g. Google)>

    4. The metadata downloaded from Google should now be uploaded to the Idp Metadata field. Then click Create

      NIM_Configuration_SAML_Add.png

    5. Click on the newly created configuration in the grid to select it. URL's a given to be added to Google

      NIM_Configuration_SAML_Google_URLs.png

  4. Return to Google and configure the following URL's

    1. ACS URL: <NIM ACS Callback URL>

    2. Entity ID: <NIM Metadata URL>

    3. Signed Response: Enabled/Checked>

    4. Name ID Format: EMAIL

    5. Name ID: Basic Information > Primary Email

In this section: