What is Enterprise Secret and why is it required for SAML SSO?

With SAML, an Identity Provider (IP) is asked whether the user is authorized to access idgard. This IP is not part of idgard, but rather an external service that redirects the user to the login page. A company, e.g., TÜV, uses the IP to perform authentications, e.g., for SSO. Commonly used IPs are Microsoft (with its Active Directory), Google, Okta, etc.; basically, any time you see "Login with ...".

During SSO, the IP delivers a response (assertion response) which indicates whether the user is authorized to access idgard.

For idgard, it is important to know whether the IP was actually commissioned by a company (e.g., TÜV) in order to be able to check permissions and grant access. Enterprise Secret is therefore also used to ensure that the response was really sent by the commissioned IP and not by a malicious third party. Enterprise Secret is used to encrypt and decrypt the assertion response.

