DRAFT KB-[SP-4917] How to enable additional SAML Assertion validations on Appian Cloud

Purpose

Appian has introduced additional SAML Assertion validations for improved security that will be enabled by default on Appian Cloud versions 20.3 and later. This feature is not enabled by default on Appian Cloud versions 20.2 and earlier. As this feature validates additional SAML Assertion parameters, the introduction of this feature may result in SAML login failures for some users.

To verify if any SAML configuration changes are needed to pass the additional SAML Assertion validations, Appian Cloud Customers on 20.2 and earlier can take the following steps to request this feature be enabled.

Instructions

  1. To verify if this feature will cause SAML login issues:

    1. Take a SAML Trace as outlined in the last section. The SAML trace must include the SAML Assertion from a login attempt.
    2. Navigate to the SAML Configuration page in the Admin Console.
    3. Confirm if the "Service Provider Entity ID" field in the Admin Console matches the <saml:Audience> field value exactly.
    4. If the fields from step 3 match, no SAML configuration change is needed.
    5. If not, update the <saml:Audience> field value on the IDP to match the "Service Provider Entity ID" value exactly.
    6. Open a Support Case with Appian Support requesting this additional SAML Assertion validation feature be enabled to confirm users can log in successfully.
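
The comparison in steps 3 to 5 can be scripted against a captured trace. The following is an added example, not Appian code: it assumes the trace holds a base64-encoded SAMLResponse (HTTP-POST binding), assumes a match on any one <saml:Audience> element is sufficient, and uses constructed entity IDs and hypothetical function names.

```python
import base64
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}


def audiences_from_response(saml_response_b64):
    """Return every <saml:Audience> value in a base64-encoded SAMLResponse."""
    # Only feed this traces you captured yourself; ElementTree is not hardened.
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    # Keep the text exactly as sent: no strip(), no case folding.
    return [el.text or "" for el in root.iterfind(".//saml:Audience", SAML_NS)]


def check_audience(saml_response_b64, sp_entity_id):
    """Compare Audience values with the Service Provider Entity ID exactly."""
    audiences = audiences_from_response(saml_response_b64)
    if not audiences:
        return "FAIL: assertion has no <saml:Audience>"
    # Assumption: one exactly matching Audience element is enough to pass.
    if sp_entity_id in audiences:
        return "OK: Audience matches Service Provider Entity ID"
    # Name the near misses that an exact comparison rejects.
    for aud in audiences:
        if aud.strip() == sp_entity_id.strip():
            return "FAIL: differs only by leading/trailing whitespace"
        if aud.rstrip("/") == sp_entity_id.rstrip("/"):
            return "FAIL: differs only by a trailing slash"
        if aud.lower() == sp_entity_id.lower():
            return "FAIL: differs only by letter case"
    return "FAIL: no Audience equals %r (found %r)" % (sp_entity_id, audiences)


def sample_response(audience):
    """Constructed, unsigned SAMLResponse used only as sample input."""
    xml = ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
           'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
           '<saml:Assertion><saml:Conditions><saml:AudienceRestriction>'
           '<saml:Audience>%s</saml:Audience>'
           '</saml:AudienceRestriction></saml:Conditions></saml:Assertion>'
           '</samlp:Response>' % audience)
    return base64.b64encode(xml.encode()).decode()


if __name__ == "__main__":
    entity_id = "https://sp.example.test"  # constructed placeholder value
    for aud in (entity_id, entity_id + "/"):
        print(check_audience(sample_response(aud), entity_id))
```

Pass the SAMLResponse value from your own trace and the "Service Provider Entity ID" copied from the Admin Console to check_audience.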

Affected Versions

This article applies to all versions of Appian Cloud.

Last Reviewed: August 2020