View Only

How To: SAML Configuration in Faspex 5.x

By Anya Behn posted Thu May 25, 2023 12:42 AM



Here is how to configure SAML (with your idp provider) to talk to Faspex 5.x.

Here is the IBM Aspera SAML documentation:

Below is the specific template configuration for Okta, to give you a specific example

SAML Configuration for Faspex 5 with Okta as your Identity Provider (also known as your IDP).

Below, angle brackets  <xyz> indicate a variable specific to your customer configuration.


SSO URL:   https://<>/aspera/faspex/api/v5/samls/<ID>/callback (can be the same for recipient and destination.)

Audience URI (SP Entity ID): https://<>/aspera/faspex/api/v5/samls/<35>/saml_metadata

[Note: these are names for the same thing]

Audience Restriction:  https://<<ID>/saml_metadata


Default Relay State: 

Note: If you have a custom UI, then the Relay field is not blank.

Have the custom ui use the API to faspex backend, then api redirects to Faspex 5 ui.


Name id format: unspecified

Application username: okta username (or okta username prefix)—depends on your configuration.

Update application username on : Create and update

 screenshot from Okta SAML configuration screen on (your developer login)

Above, “Okta-Group” is whatever groups you have defined in your specific setup.


Here is a browser extension tool that may be helpful for debugging:

SAML-tracer — you can give the response from that to our Aspera support team.


Note: The Admin adding the SAML configuration to Faspex5 needs to be a member of the named “Okta-Group”.
#SAML #Aspera  #faspex5