Configure SAML Self-Registration (Legacy)
If you are using the new Single Sign-on and Just-In-Time Provisioning feature, see Configure JIT Provisioning.
Before you begin:
- Enable SAML authentication.
- Configure your identity provider to add the required attributes to your assertion.
- Add any optional attributes to the assertion that your identity provider can include.
To complete this task:
In the Veracode Platform, click the gear icon in the top menu and select Admin.
Click the SAML tab.
Ensure you have provided the settings for SAML single sign-on.
Select Enable Self Registration.
Choose if self-registered users require activation with these options:
- Activation Required: an administrator must approve the self-registered user before the user can log in. The user is notified when their registration is approved.
Veracode plans to deprecate the Activation Required option and recommends that you do not use this option.
- No Activation Required: when users self-register, they are directly logged in to the Veracode Platform.
Choose how the Veracode Platform handles conflicts between data in the SAML assertion and data in the Veracode Platform with these options:
Use SAML Assertion Data: the Veracode Platform is updated with whatever data is in the SAML assertion. This setting allows the identity provider to automatically update fields that may change, such as email address, phone number, or last name.
Prefer Veracode User Data: the Veracode Platform ignores any changes of data in the SAML assertion.
Choose which default attributes to set on individual users. Veracode requires that you either specify the default Veracode user role in the SAML attributes or the SAML assertion data. If you do not require activation for all newly registered users, set a default user role, otherwise the user cannot log in.note
Some attributes may not be populated if they are not available. Additional SAML attributes include the user roles, which specify which scan types the user is allowed to perform.