Enable your organization to use an SAML identity provider, also called single sign-on, to import users and groups from an SAML identity provider and allow imported users to sign on to the organization with the credentials established in the SAML identity provider.

Verify that you are logged in as a system or organization administrator.

Verify that you have access to an OpenAM or Active Directory Federation Services SAML identity provider.

Create an XML file with the following metadata from your SAML identity provider.

The location of the single sign-on service

The location of the single logout service

The location of the service's X.509 certificate

For information on configuring and acquiring metadata from an OpenAM or Active Directory Federation Services SAML provider, consult the documentation for your SAML provider.


Click Administration.


In the left pane, select Settings > Federation.


Select Use SAML Identity Provider.


Copy and paste the SAML provider metadata XML into the text box or click Browse to upload the metadata XML file.


Click Apply.

Configure your SAML provider with vCloud Director metadata. See your SAML provider's documentation and the vCloud Director Installation and Upgrade Guide.

Configure your SAML provider to provide tokens with the following attribute mappings.

email address = "EmailAddress"

user name = "UserName"

full name = "FullName"

user's groups = "Groups"

Import users and groups from your SAML provider.

Install the JCE unlimited strength jurisdiction policy files. See