Regarding the Use of SAML Authentication
This feature is a paid option. For inquiries about option contracts and cost estimates, please contact us via the inquiry form in the management console.
SAML Settings
In SAML configuration, you can verify the items to be set up on the Identity Provider (IdP) to utilize SAML authentication, and register the IdP's information. The SAML settings are provided based on your contract, so you will need to perform additional configurations yourself.
The procedure is outlined below. Please also refer to the HENNGE Access Control Single Sign-On configuration manual.
Warning
This manual is written assuming that HENNGE ONE (HENNGE Access Control) is used as the Identity Provider (IdP).
If you are using a different IdP, please contact your IdP for assistance.
Using SAML Authentication with Customers Mail Cloud, CMC Domain Protection
- Log in to the Management Console. Click on your "Account Name ▼" in the upper right corner of the screen, and select "SAML Settings" to switch the screen. (The SAML Settings menu is only displayed for Group administrator accounts.)
- Select the SAML setting name displayed in the list on the SAML Settings screen to open the SAML setting details.
| Display Name | Description |
|---|---|
| SAML settings name | The name of the SAML configuration will be displayed. ※This is a reference name for identification purposes. It does not affect the functions or services of the IdP that you directly use. |
| Group | The name of your own group to which the SAML settings are applied will be displayed. |
Downloading Metadata from SAML Settings
When you open the SAML setting details, the SP Menu is already selected. Press the Metadata Download button within the frame of your specific service to download the file.
Regarding the Display of Services in Use
If you are not using CMC Domain Protection, the "IdP (CMC Domain Protection)" in the left menu and the CMC Domain Protection item within the "SP" menu will be hidden.
Please confirm that the downloaded file is in the following file format:
- Customers Mail Cloud: saml_sp_metadata_cmc_yyyymmdd_time.xml
- CMC Domain Protection: saml_sp_metadata_dp_yyyymmdd_.xml
Example: saml_sp_metadata_cmc_20251104_172135.xml
Please save the file in a location that is easily accessible, as it will be used when registering the service information with your IdP.
| Display Name | Description |
|---|---|
| SAML settings name | The SAML configuration name selected from the SAML Settings list will be displayed. ※This is a reference name for identification purposes. It does not affect the functions or services of the IdP that you directly use. |
| SP entity ID | The Entity ID of the service to be registered with the IdP will be displayed. ※The respective values for Customers Mail Cloud and CMC Domain Protection will be displayed, depending on your usage status. |
| SP Assertion Consumer Service (=ACS) URL | The ACS URL of the service to be registered with the IdP will be displayed. ※The respective values for Customers Mail Cloud and CMC Domain Protection will be displayed, depending on your usage status. |
| SP Name ID format | You can select the format for the user identifier (NameID) during SAML login. - Email address: The format of an email address. - Unspecified: No specific format is designated. ※Please select the appropriate format by referring to the manual of your Identity Provider (IdP). |
Registering the Service Provider (SP) on the IdP from Metadata
Log in to HENNGE Access Control and refer to the Single Sign-On configuration manual. Please upload the metadata or manually create the Service Provider configuration.
Although input is not required on the CMC screen, the detailed settings for Customers Mail Cloud (CMC) and CMC Domain Protection are listed below. Please refer to these details if they are required for implementation or inquiries with your IdP.
| Name | Value |
|---|---|
| Nameid encrypted | false |
| Signed logout request | false |
| Signed logout response | false |
| Want messages signed | false |
| Want assertions signed | false |
| Sign metadata | false |
| Want assertions encrypted | false |
| Want nameid encrypted | false |
| Requested authncontext | password |
| Requested authncontext comparison | exact |
| Allow duplicated attribute name | true |
| Signature Algorithm | RSA-SHA256 |
| Digest algorithm | SHA256 |
| Reject deprecated algorithm | true |
Registering IdP Metadata in Customers Mail Cloud
Regarding the menu displayed
The "IdP (CMC Domain Protection)" menu will not be displayed if you are not using CMC Domain Protection.
You will register the metadata downloaded from your IdP through the Management Console.
Please refer to the Single Sign-On configuration manual for instructions on how to download the metadata from your IdP and how to obtain the registration content.
- Log in to the Management Console. Click on "Account Name ▼" in the upper right corner of the screen, and select "SAML Settings" to switch the screen. (This is only displayed for Group administrator accounts.)
- Select the SAML setting name displayed in the list on the SAML Settings screen to open the SAML setting details.
- From the IdP (Customers Mail Cloud) or IdP (CMC Domain Protection) menu, press Metadata Upload and upload the metadata you obtained from the IdP.
- If the upload is successful, values will be set for each of the displayed fields.
| Display Name | Description |
|---|---|
| IdP entity ID | Please enter the ID for IdP identification from your Identity Provider (IdP). |
| IdP Single Sign On (=SSO) service URL | Please enter the Single Sign-On URL obtained from your Identity Provider (IdP). |
| IdP X.509 public certificate | Please enter the content of the SAML Certificate obtained from your Identity Provider (IdP). |
Configuring SAML Login from Account Settings
- Log in to the Management Console. Click on "Account Name ▼" in the upper right corner of the screen, and select "Account Settings" to switch the screen. (This is only displayed for Group Administrator accounts.)
- Select the target account from the list on the Account Settings screen, or add a new account, and then perform the SAML configuration. Please refer to the Account manual for the details.