Important changes coming - new ways to use SAML with Preservica
We are introducing a new way for you to integrate your Preservica system with SAML. For the first time, SAML is available on multi-tenant systems, letting Enterprise edition customers on our cloud platforms benefit from the security and streamlined user management that come with delegating authentication.
This new SAML configuration is now available to our New Gen Enterprise edition customers. Over the next few months we will complete its rollout across our application, including our Classic interface.
These changes to SAML are part of a wider rework of how authentication works in the platform, bringing it in line with our scalable, secure, service-based architecture. Some of this rework has already been delivered in Preservica 6.10 and 6.11, but because we kept the same experience, you might not have noticed any difference.
If you are a customer using SAML in our Classic interface, here’s what you can expect:
January 2024 - You will receive detailed instructions on the changes required, both on this page and by email. In short, you will need to add a second Preservica configuration to your SAML Identity Provider. When we switch Classic over to new SAML, this second configuration will automatically start to be used. You can have the two configurations set up at the same time without issue, meaning you can make changes on your end anytime between January and your deprecation deadline. This also means that our dual running customers will be able to start using new SAML in their New Gen interface ahead of the deadline, while still using existing SAML to access the Classic interface.
May 2024 - EPC and EPCP customers will be switched onto the new SAML configuration. You will receive notice of the exact timeframe in May at least 30 days in advance.
July 2024 - EoP customers can switch onto the new SAML configuration as part of their scheduled Preservica update.
What’s different in our new SAML implementation?
Preservica has allowed for system-level configuration of SAML for a number of years, as some of our EPC and on-premise customers already know. However, our new SAML meets the needs of more customers by being available:
✔️ On multi-tenant systems (Enterprise edition only)
✔️ For use with our New Generation interface
✔️ For configuration via our APIs
It also allows for flexible role mapping, so you can integrate group or role membership in your SAML IdP with Preservica roles.
Please look out for the more detailed update in January which will help you prepare for the change and get the most out of our new SAML implementation.
What is SAML?
Considering whether SAML is something you should start using? Here is a brief description of how it can help businesses using a cloud service.
SAML is a protocol that allows authentication to be delegated. For example, if you see “single sign on with [organization name]” when you’re using other applications, that can be done with SAML. In our case, that means that you will be able to configure Preservica to use your existing authentication platform, as long as it supports being a SAML Identity Provider (IdP). You can then log in with your existing account, without Preservica needing to have a copy of your credentials, or having to manage user accounts inside Preservica.
It is secured in two main ways: firstly, the IdP and the application (known as the Service Provider, or SP) have to be configured to trust each other; and secondly, the “assertion” which is sent to Preservica from the IdP is digitally signed.
Using SAML allows you to delegate authentication decisions to your existing authentication platform. Many of you are large organisations that already have a lot of users and would like cloud systems (like ours) to use the same authentication provider that you use internally. SAML is a secure and standard way to do that.