STS Sites
In the Settings page on the Directory Server administration site, you can configure STS sites for your SAML identity providers.
An STS, or Security Token Service, acts as a trusted broker that issues, validates, and revokes security tokens. These digital credentials allow an identity from one security domain - such as a corporate network - to be used for accessing services in entirely different domains, like cloud applications. The STS translates user credentials into standardized security tokens that target applications can trust, enabling single sign-on (SSO) capabilities while simplifying access control in complex, distributed environments.
- Click the add STS Site button to start configuring an STS site for your SAML identity provider.

- For each STS site, fill out the following information:
  - Display Name: Choose the display name for your STS site.
  - SAML endpoint: Determine the Fully Qualified Domain Name (FQDN) of the STS server machine. Use the default format indicated in the field and replace host.example.com with your FQDN.
  - SAML identity provider discovery endpoint: Use the default format indicated in the field and replace host.example.com with your FQDN.
  - Host Name: Click Add host name and enter your STS server's FQDN. If your STS instance host has a different public DNS name, make sure to register the internal host name.
- Click Save to finish creating your STS site.
Note: Laserfiche Directory Server administrators can enable checking against an allowlist to restrict redirects to a specific set of domains. To learn more, see Configuring a Redirect Allowlist.