Configure Encrypted SAML Assertions

Microsoft Entra ID and Okta can optionally encrypt the SAML assertions they send to Laserfiche. Both identity providers include an option to import a public key certificate from Laserfiche for this purpose.

This feature is optional and provides an additional layer of security beyond the standard measure of communicating over encrypted HTTPS/TLS channels, but introduces additional certificate administration overhead.

To download the certificate from Laserfiche

  1. Sign in to Laserfiche Cloud and navigate to the Account Administration service.
  2. View the Settings page and click on the Single Sign-On tab.
  3. Click the Service Provider Information link to view additional information.
  4. Locate the Public certificate field and click on the Download link to download the public key certificate that you can import into your identity provider.

Configure Microsoft Entra SAML token encryption

  1. Sign in to the Microsoft Entra admin center.
  2. On the Laserfiche application page, select Token encryption.
  3. On the Token encryption page, select Import Certificate to import the certificate downloaded from the Laserfiche Cloud service provider information dialog.
  4. Activate encryption by selecting the ... menu next to the thumbprint status and then selecting Activate token encryption certificate.

See Microsoft's documentation for additional information.

Configure Okta Assertion Encryption

  1. Sign in to the Okta Admin Console. 
  2. Go to Applications > Applications and select the Laserfiche app integration.
  3. Select the General tab.
  4. In the SAML Settings section, select Edit.
  5. On the Configure SAML step, select Show Advanced Settings.
  6. Next to the Assertion Encryption field, choose whether the SAML assertion is encrypted.
  7. The Encryption Certificate field appears when Assertion Encryption is set to Encrypted. Upload the certificate downloaded from the Laserfiche Cloud service provider information dialog.
  8. Finish the remaining steps in the Application Integration Wizard.

See Okta's application integration wizard SAML field reference for additional information.
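
After completing either procedure, you can confirm that the identity provider is actually encrypting assertions by inspecting a SAMLResponse captured from a test sign-in. The script below is an added example, not code from Laserfiche, Microsoft, or Okta; it assumes the response arrives as a base64 form value (HTTP-POST binding), and the function names and both sample responses are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
XENC = "http://www.w3.org/2001/04/xmlenc#"

def inspect_saml_response(b64_response: str) -> dict:
    """Report whether a base64 SAMLResponse (HTTP-POST binding) carries
    encrypted or plaintext assertions. URL-decode the form value first."""
    # Captured values are often line-wrapped; drop whitespace before strict decoding.
    xml_bytes = base64.b64decode("".join(b64_response.split()), validate=True)
    root = ET.fromstring(xml_bytes)
    if root.tag != f"{{{SAMLP}}}Response":
        raise ValueError("top-level element is not a SAML 2.0 Response")
    plain = root.findall(f"{{{SAML}}}Assertion")
    encrypted = root.findall(f"{{{SAML}}}EncryptedAssertion")
    # EncryptionMethod appears on EncryptedData (content cipher) and, when
    # present, on EncryptedKey (key transport); list them in document order.
    algorithms = [m.get("Algorithm") for e in encrypted
                  for m in e.iter(f"{{{XENC}}}EncryptionMethod")]
    return {
        "plaintext_assertions": len(plain),
        "encrypted_assertions": len(encrypted),
        "encryption_algorithms": algorithms,
        # Pass only when at least one assertion is encrypted and none is in the clear.
        "encrypted_only": bool(encrypted) and not plain,
    }

def _constructed_response(body: str) -> str:
    """Wrap a constructed assertion element in a Response and base64-encode it."""
    xml = (f'<samlp:Response xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" '
           f'xmlns:xenc="{XENC}" ID="_constructed" Version="2.0">{body}</samlp:Response>')
    return base64.b64encode(xml.encode()).decode()

# Constructed samples, not captured from any real identity provider.
ENCRYPTED_SAMPLE = _constructed_response(
    '<saml:EncryptedAssertion><xenc:EncryptedData>'
    f'<xenc:EncryptionMethod Algorithm="{XENC}aes256-cbc"/>'
    '<xenc:CipherData><xenc:CipherValue>Q09OU1RSVUNURUQ=</xenc:CipherValue></xenc:CipherData>'
    '</xenc:EncryptedData></saml:EncryptedAssertion>')
PLAINTEXT_SAMPLE = _constructed_response(
    '<saml:Assertion ID="_a1" Version="2.0"><saml:Subject>'
    '<saml:NameID>user@example.com</saml:NameID></saml:Subject></saml:Assertion>')

if __name__ == "__main__":
    for name, sample in (("encrypted", ENCRYPTED_SAMPLE), ("plaintext", PLAINTEXT_SAMPLE)):
        print(name, inspect_saml_response(sample))
```

A result with `encrypted_only` set to `False` after you have enabled encryption means the identity provider is still sending the assertion in the clear inside the TLS channel, so recheck that the certificate was activated (Entra) or that Assertion Encryption is set to Encrypted (Okta).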