Initializing help system before first use

Setting Up Authentication With an Identity Provider (IdP)

You can configure Xpress Insight to enable SAML single sign-on using an identity provider (IdP) for authentication. For an overview of how this works, see the Xpress Insight Installation Guide.
Authentication with an IdP requires a paid license. You cannot use an IdP with the community license.
To set up authentication with an IdP, follow these steps:
  1. Configure your IdP for the Xpress Insight 5 service.
    For more information, see the Xpress Insight Installation Guide.
  2. Enable SSL, if you have not already done so.
    For more information, see Enabling HTTPS Connections.
  3. Copy the IdP metadata file (idp-metadata.xml) and keystore (idp-keystore) to the server-config directory.
  4. Add the required properties to override.properties. The following example is based on the properties required for Okta: 
    insight.server.security.authentication=saml2
insight.server.security.saml2.encryption-key-store-password=the-keystore-password
insight.server.security.saml2.encryption-key-alias=the-keystore-alias
insight.server.security.saml2.after-logout-url=https://my-signed-out-location.internal
    See your IdP configuration for the values you should use.
  5. (Optional) If you want to enable single logout, add the following line to override.properties: 
    insight.server.security.saml2.single-logout.enabled=true
    If single logout is enabled, selecting Log out in the user interface logs out of the IdP and all applications the user is logged into.
    If single logout is enabled, you can also enable local logout by adding this property to override.properties: 
    insight.server.security.saml2.single-logout.local-logout-enabled=true
    If local logout is enabled, a Local log out option is added to the user interface. Selecting this option logs out of Insight only but leaves the user logged in to the IdP and any other applications.
  6. Start the Insight containers using docker compose up.
  7. In your browser, log in to Xpress Insight using an account with administrator permissions.
    If you have not already installed a license that supports SAML authentication, you are prompted to provide one. For more information about installing a license, see Xpress Insight Licensing.
Parent Topic Configuration and Administration

© 2001-2025 Fair Isaac Corporation. All rights reserved. This documentation is the property of Fair Isaac Corporation (“FICO”). Receipt or possession of this documentation does not convey rights to disclose, reproduce, make derivative works, use, or allow others to use it except solely for internal evaluation purposes to determine whether to purchase a license to the software described in this documentation, or as otherwise set forth in a written software license agreement between you and FICO (or a FICO affiliate). Use of this documentation and the software described in it must conform strictly to the foregoing permitted uses, and no other use is permitted.