Accruent Meridian Enterprise Server 2020 R2 Administrator's Guide

Configure SAML Authentication

Meridian Explorer can be configured to work with any SAML 2.0 compatible identity provider. For information about configuring PowerWeb and site cache connections to use SAML, see the Accruent Meridian Enterprise Administrator's Guide.

Note:

To complete this configuration, a Meridian Enterprise Server system administrator should understand how to configure an on-premises firewall to allow inbound connections if required.

Complete the following tasks on the Meridian Enterprise Server computer to configure Meridian Explorer for SAML authentication. Command lines are shown below, but the graphical user interface may also be used.

To configure the Meridian Explorer web site:

  1. On the Meridian Enterprise Server computer, in Internet Information Services (IIS), find the name of the Meridian Explorer web site, for example, Hyperion.
  2. Enable anonymous authentication mode. It might be necessary to unlock the sections first if appcmd.exe is used.

    appcmd set config "Default Web Site/BlueCieloECM.Hyperion" /section:system.webServer/security/authentication/anonymousAuthentication /enabled:true /commit:appHost

To configure the Meridian Explorer application:

  1. Open the AuthConfiguration.dat file in any text editor. By default, it is located in the C:\ProgramData\BlueCieloECM\Hyperion folder.
  2. Change or create the values listed in the following table. Settings are separated by commas (,).

    Authentication options

    | Option | Description | Example |
    |---|---|---|
    | UseOpenIdConnectAuthentication | Enables SAML authentication. | true |
    | HyperionAppUrl | URL used to connect to PowerWeb. This must be the same URL as the one provided to the SAML identity provider. | http://<MyDomain>/BlueCieloECM.Hyperion |
    | TenantId | Meridian Portal tenancy name. | <OrgName> |
    | IssuerUri | URL of the Meridian Cloud authentication server. | https://auth-ci2.meridiancloud.io/auth |
    | ClientId | Value entered during registration with the SAML identity provider. | localhyperion |
    | ClientSecret | Value entered during registration with the SAML identity provider. | secret |

    The completed text block should look like this:

    {"UseOpenIdConnectAuthentication":true,"HyperionAppUrl":"http://MyServer/BlueCieloECM.Hyperion",
    "TenantId":"MyOrg","IssuerUri":"https://auth-ci2.meridiancloud.io/auth",
    "ClientId":"localhyperion","ClientSecret":"secret"}
    
  3. Restart IIS.

    iisreset
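
A pre-flight check for the edited file, as an added example that is not part of the Accruent guide or product. The function name Test-AuthConfiguration and its rules (required keys, unfilled <placeholders>, non-HTTPS URLs, the example secret) are assumptions of this example; it reads the default path from step 1 and falls back to a constructed sample copied from the completed block above.

```powershell
# Added example (not Accruent code): sanity-check AuthConfiguration.dat before restarting IIS.
function Test-AuthConfiguration {
    param([string]$Json)
    $findings = [System.Collections.Generic.List[string]]::new()
    try { $cfg = $Json | ConvertFrom-Json -ErrorAction Stop }
    catch { $findings.Add("ERROR: not valid JSON - $($_.Exception.Message)"); return $findings }
    if ($null -eq $cfg) { $findings.Add('ERROR: file is empty'); return $findings }

    # The six settings from the guide's table must all be present.
    $required = 'UseOpenIdConnectAuthentication', 'HyperionAppUrl', 'TenantId',
                'IssuerUri', 'ClientId', 'ClientSecret'
    foreach ($name in $required) {
        $prop = $cfg.PSObject.Properties[$name]
        if ($null -eq $prop) { $findings.Add("ERROR: missing setting $name"); continue }
        $value = $prop.Value
        # <...> markers copied from the documentation and never filled in.
        if ($value -is [string] -and $value -match '[<>]') {
            $findings.Add("ERROR: $name still contains a <placeholder>"); continue
        }
        if ($name -eq 'UseOpenIdConnectAuthentication' -and $value -isnot [bool]) {
            $findings.Add("ERROR: $name must be the unquoted JSON literal true")
        }
        if ($name -in 'HyperionAppUrl', 'IssuerUri') {
            $uri = $null
            if (-not [Uri]::TryCreate([string]$value, [UriKind]::Absolute, [ref]$uri)) {
                $findings.Add("ERROR: $name is not an absolute URL")
            } elseif ($uri.Scheme -ne 'https') {
                $findings.Add("WARN: $name uses $($uri.Scheme)://, so traffic to it is not protected by TLS")
            }
        }
        if ($name -eq 'ClientSecret' -and $value -eq 'secret') {
            $findings.Add("WARN: $name is still the example value from the guide")
        }
    }
    return $findings
}

$path = 'C:\ProgramData\BlueCieloECM\Hyperion\AuthConfiguration.dat'   # default location per step 1
if (Test-Path $path) {
    Test-AuthConfiguration (Get-Content $path -Raw)
    # ClientSecret is stored in clear text in this file, so review who can read it.
    (Get-Acl $path).Access | Format-Table IdentityReference, FileSystemRights, AccessControlType
} else {
    # Constructed sample: the completed block shown in the guide.
    $sample = '{"UseOpenIdConnectAuthentication":true,"HyperionAppUrl":"http://MyServer/BlueCieloECM.Hyperion",' +
              '"TenantId":"MyOrg","IssuerUri":"https://auth-ci2.meridiancloud.io/auth",' +
              '"ClientId":"localhyperion","ClientSecret":"secret"}'
    Test-AuthConfiguration $sample
}
```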