McAfee Cloud Identity Manager

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "McAfee Cloud Identity Manager"

Transcription

1 Salesforce Cloud Connector Guide McAfee Cloud Identity Manager version 1.1 or later

2 COPYRIGHT Copyright 2013 McAfee, Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any means without the written permission of McAfee, Inc., or its suppliers or affiliate companies. TRADEMARK ATTRIBUTIONS McAfee, the McAfee logo, Avert, epo, epolicy Orchestrator, Foundstone, GroupShield, IntruShield, LinuxShield, MAX (McAfee SecurityAlliance Exchange), NetShield, PortalShield, Preventsys, SecureOS, SecurityAlliance, SiteAdvisor, SmartFilter, Total Protection, TrustedSource, Type Enforcement, VirusScan, and WebShield are registered trademarks or trademarks of McAfee, Inc. or its subsidiaries in the United States and other countries. LICENSE INFORMATION License Agreement NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU HAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANTOR PURCHASE ORDER DOCUMENTS THAT ACCOMPANIES YOUR SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A FILE AVAILABLE ON THE WEBSITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SET FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OF PURCHASE FOR A FULL REFUND. 2 McAfee Cloud Identity Manager Salesforce Cloud Connector Guide

3 Contents 1.0 Introduction to McAfee Cloud Identity Manager Supported environments Supported browsers Application portal Management Console Available documentation Technical support Configuring SSO for a Salesforce User Certificate Management Enable SSO and SLO in Salesforce Test the Salesforce SSO Connection Configuring a Salesforce Cloud Connector Select the Cloud Application Type Specifying an Identity Connector Select an Existing Identity Connector Create a New Identity Connector Configure SAML Credential Mapping for a Salesforce Cloud Connector Add a New Target-Source Pair to the Credential Mapping Table Configure a SAML Assertion for a Salesforce Cloud Connector Configure the SAML Assertion Advanced Configuration Configure User Provisioning for a Salesforce Cloud Connector Add a New Target-Source Pair to the User Account Mapping Table Apply an Authorization Policy to a Salesforce Cloud Connector Configure the default policy action Configure policy rules and add them to the policy Policy conditions and their Boolean expressions Expression editor examples Review the Salesforce Cloud Connector Configuration...34 McAfee Cloud Identity Manager Salesforce Cloud Connector Guide 3

4 4 McAfee Cloud Identity Manager Salesforce Cloud Connector Guide

5 1.0 Introduction to McAfee Cloud Identity Manager McAfee Cloud Identity Manager (Cloud Identity Manager, formerly Intel Expressway Cloud Access 360-SSO) simplifies the management and secures the use of cloud, Software as a Service (SaaS), and web applications for companies and large organizations. Service and application providers can also use Cloud Identity Manager to simplify and improve the authentication process for their customers. Cloud Identity Manager provides support for the following features: Extensible framework Web single sign on (SSO) Multiple authentication methods Credential mapping and user provisioning Authorization policies and access control enforcement Event auditing and monitoring Connectors for popular cloud services and applications Web-based Management Console Cloud Identity Manager runs as a stand-alone server and is configured by an administrator using a webbased Management Console accessible from a web browser. For information about installing Cloud Identity Manager as a standalone server or as a cluster of servers, see the McAfee Cloud Identity Manager Installation Guide. For information about configuring Cloud Identity Manager in the Management Console, see the McAfee Cloud Identity Manager Product Guide. Cloud Identity Manager provides connectors for many popular cloud services and applications, including Google Apps and Salesforce.com. These connectors are built in to Cloud Identity Manager and simplify the deployment of the cloud service or application in an organization. Web SSO requires configuration in the Management Console and in the cloud application s user interface. Instructions for configuring SSO on the cloud application side are included in the documentation set. For customers who have Java-based or.net web applications that do not support SAML2 authentication, Cloud Identity Manager provides a custom connector. For information about integrating Java-based and.net web applications with Cloud Identity Manager, see the McAfee Cloud Identity Manager Integration Guide. For software developers who want to write their own cloud service connectors or authentication modules, Cloud Identity Manager provides an SDK. For more information about the SDK, see the McAfee Cloud Identity Manager Developer s Guide. McAfee Cloud Identity Manager Salesforce Cloud Connector Guide 5

6 1.1 Supported environments Cloud Identity Manager supports these environments. Version Architecture IA-32 Intel 64 Linux Operating System Red Hat Enterprise Linux Server and Advanced Platform 5.0 Windows Operating System Yes Yes Windows Server 2003 Standard Edition Yes Yes Windows Server 2003 DataCenter Edition Yes Yes Windows Server 2003 Enterprise Edition Yes Yes Windows Server 2008 Yes Yes 1.2 Supported browsers Cloud Identity Manager supports different browsers for the application portal and the Management Console Application portal For end users who seek access to SaaS and web applications through a portal using Cloud Identity Manager identity services, Cloud Identity Manager supports the following desktop and mobile web browsers. Note that Cloud Identity Manager services are running in the background and are not visible to the end user. Desktop browsers Google Chrome 16 Mozilla Firefox 9 Microsoft Internet Explorer 7, 8, and 9 Safari Mobile browsers Android 2.0 devices and WebKit browser ios devices and Safari browser Management Console The Cloud Identity Manager Management Console is a web-based user interface that provides administrators with a single, central point of management and control through a web browser on a local computer. For Management Console administrators, Cloud Identity Manager supports the following desktop and mobile web browsers. Desktop browsers Firefox 9 Internet Explorer 7, 8, and 9 Mobile browsers None are currently supported. 6 McAfee Cloud Identity Manager Salesforce Cloud Connector Guide

7 1.3 Available documentation The Cloud Identity Manager documentation set includes the following guides: McAfee Cloud Identity Manager Product Guide A complete guide to the Management Console and the configuration tasks needed to administer Cloud Identity Manager McAfee Cloud Identity Manager Developer s Guide Provides information for software developers who want to write custom Java code that extends Cloud Identity Manager functionality McAfee Cloud Identity Manager Installation Guide Includes the tasks and procedures that you need to install and remove Cloud Identity Manager as a standalone server on Microsoft Windows and Linux operating system platforms McAfee Cloud Identity Manager Integration Guide Provides instructions on how to integrate Javabased and.net web applications that do not support SAML2 authentication with Cloud Identity Manager Note: In addition to these guides, there are separate guides that document how to configure the different Cloud Connectors. For more information, see the McAfee Cloud Identity Manager Product Guide. 1.4 Technical support For technical assistance, contact McAfee support by one of the following options: Support portal: https://mysupport.mcafee.com Phone number: McAfee Cloud Identity Manager Salesforce Cloud Connector Guide 7

8 8 McAfee Cloud Identity Manager Salesforce Cloud Connector Guide

9 2.0 Configuring SSO for a Salesforce User In the Software as a Service (SaaS) model, the Service Provider hosts the application and data in the cloud, and end users access the hosted service over the Internet through a web browser on a local computer. Salesforce is an example of a Service Provider that offers Software as a Service, including these Salesforce cloud applications: Sales Cloud 2, Service Cloud 2, Chatter, and Jigsaw. Salesforce applications and Cloud Identity Manager Cloud Connector support both Identity Provider (IdP)-initiated and Service Provider (SP)-initiated single sign-on (SSO). Integrating Salesforce and Cloud Identity Manager involves the following configuration steps. Enabling SSO and SLO in Salesforce in step 3 requires information from steps 1 and 2. For more information, see the corresponding sections: 1. Configuring a Salesforce Cloud Connector in the Cloud Identity Manager Management Console See section 3.0 Configuring a Salesforce Cloud Connector. 2. Certificate Management See section 2.1 Certificate Management. 3. Configuring your Salesforce administrator account See section 2.2 Enable SSO and SLO in Salesforce. 4. Testing the Salesforce SSO connection See section 2.3 Test the Salesforce SSO Connection. Note: The Management Console is the Cloud Identity Manager administrative interface. 2.1 Certificate Management On the SAML Assertion step of the Cloud Connector wizard, you need an X.509 certificate key pair. For testing the Salesforce Cloud Connector, you can use the default key pair (named intel cloud expressway ) that comes preconfigured with Cloud Identity Manager. However, when you deploy the Salesforce Cloud Connector, you need a key pair provided by Salesforce. These options are summarized as follows: Testing the Salesforce Cloud Connector To use the default key pair that comes preconfigured with Cloud Identity Manager, export it in the Management Console, and upload it in your Salesforce administrator account. Deploying the Salesforce Cloud Connector To use a key pair provided by Salesforce, download it in your Salesforce administrator account, and import it in the Management Console. Note: You can access the Certificate Management window in the Management Console by selecting Certificate Management from the Admin tab drop-down list. For more information, see the McAfee Cloud Identity Manager Product Guide. McAfee Cloud Identity Manager Salesforce Cloud Connector Guide 9

10 2.2 Enable SSO and SLO in Salesforce After you create the Salesforce Cloud Connector in the Management Console, you enable SSO and SLO in your Salesforce administrator account. To do so, you need the values you configured for the following fields on the SAML Assertion step of the Cloud Connector wizard in the Management Console: SAML assertion issuer Identity Provider Login URL Identity Provider Logout URL Note: If you do not have a Salesforce administrator account, you can visit the following link to obtain one: To enable SSO and SLO in Salesforce 1. Log in to your administrator account in Salesforce. 2. From the drop-down list beside your name, select Setup. 3. Under Administration Setup in the menu on the left, click Security Controls, and click Single Sign-On Settings. 4. Click Edit to open the Single Sign-On Settings dialog box. 5. To expand the dialog box, select the SAML Enabled checkbox. 6. In the Single Sign-On Settings dialog box, complete the following fields and settings: a. Select 2.0 from the SAML Version drop-down list. b. Copy the following values from the SAML Assertion step of the Cloud Connector wizard in the Management Console and paste them in your Salesforce account: Issuer Specifies the SAML assertion issuer. Identity Provider Login URL Specifies the URL of the Cloud Identity Manager SSO service used by Salesforce when initiating SSO. Identity Provider Logout URL Specifies the URL of the Cloud Identity Manager SLO service used by Salesforce when initiating SLO. c. Browse for the Identity Provider Certificate file. Note: Download this file in the Management Console. d. To specify the SAML User ID Type, select the Assertion contains the Federation ID from the User object option. e. To specify the SAML User ID Location, select the User ID is in an Attribute element option. f. Specify mail in the Attribute Name field. g. Click Save. 10 McAfee Cloud Identity Manager Salesforce Cloud Connector Guide

11 2.3 Test the Salesforce SSO Connection To test the Salesforce SSO connection, enter the Salesforce SSO test URL in your browser. You can find the test URL in the following locations in the Cloud Identity Manager Management Console: On the Review step of the Cloud Connector wizard To navigate to the Review step, click the edit icon corresponding to the Salesforce Cloud Connector in the Cloud Connectors tab, and then select the Review step in the navigation tree of the Cloud Connector wizard. In the General Info tab To open the General Info tab, click the troubleshooting icon corresponding to the Salesforce Cloud Connector in the Cloud Connectors tab. The SSO test URL is located in the SSO Demo Service area. To test the Salesforce SSO connection 1. Enter the following URL in your browser: https://<eca360sso-server>/identityservice/package/idp<id-connect>/portal <eca360sso-server> Specifies the host name or IP address of the server on which Cloud Identity Manager is installed and the port number of the Cloud Identity Manager service. Format: hostname:portnumber <id-connect> Specifies the name of the Identity Connector selected when the Salesforce Cloud Connector was configured. Cloud Identity Manager presents a login page. 2. Type your Cloud Identity Manager user name and password in the fields on the login page. You are authenticated, and a demonstration portal page is displayed. 3. To test the Salesforce SSO connection, click the Salesforce icons. You are logged in without authenticating again. McAfee Cloud Identity Manager Salesforce Cloud Connector Guide 11

12 12 McAfee Cloud Identity Manager Salesforce Cloud Connector Guide

13 3.0 Configuring a Salesforce Cloud Connector A Cloud Connector is the configuration that allows Cloud Identity Manager to connect to and provide services for a cloud application. When a Salesforce Cloud Connector is configured, Cloud Identity Manager can provide identity and SSO services for Salesforce users. You configure a Salesforce Cloud Connector in the Cloud Connector wizard in the Cloud Identity Manager Management Console. Configuring a Salesforce Cloud Connector in the wizard involves the following steps. For more information about each step, see the corresponding sections: 1. Cloud Application Type See section 3.1 Select the Cloud Application Type. 2. Identity Connector See section 3.2 Specifying an Identity Connector. 3. SAML Credential Mapping See section 3.3 Configure SAML Credential Mapping for a Salesforce Cloud Connector. 4. SAML Assertion See section 3.4 Configure a SAML Assertion for a Salesforce Cloud Connector. 5. User Provisioning See section 3.5 Configure User Provisioning for a Salesforce Cloud Connector. 6. Authorization Enforcement See section 3.6 Apply an Authorization Policy to a Salesforce Cloud Connector. 7. Review See section 3.7 Review the Salesforce Cloud Connector Configuration. McAfee Cloud Identity Manager Salesforce Cloud Connector Guide 13

14 3.1 Select the Cloud Application Type Select the Salesforce cloud application type. To select the Salesforce cloud application type 1. In the Cloud Connectors tab in the Management Console, click New Cloud Connector. The Cloud Connector wizard opens at the Cloud Application Type step. 2. Click the cloud application type: Salesforce. 3. Type a name for the Salesforce Cloud Connector in the Cloud Connector Name field. Note: The name can contain only letters, numbers, and the following characters:., _ and -. The name cannot contain spaces or exceed 64 characters in length and is not case-sensitive. Specify a meaningful name. For example, a name that identifies the Cloud Connector-Identity Connector combination is more useful than a URL which can change. 4. Type the name of your Salesforce Apps domain in the Salesforce Apps domain field. 5. Click Next. The Identity Connector window opens. 3.2 Specifying an Identity Connector To specify an Identity Connector, you select an existing Identity Connector or create a new one. There are six types of Identity Connectors: LDAP Integrated Windows Authentication with Active Directory (IWA-AD) ECA360 Token Authentication Authentication Chain SAML2 Proxy Central Authentication Service (CAS) For LDAP and IWA-AD Identity Connectors, identity information is retrieved from an identity store. To configure these Identity Connectors, you specify the ID of the identity store containing the identity information and how to search the specified identity store. To specify the search, you configure the following LDAP parameters: Base DN Specifies where to start searching in the LDAP tree Search Attribute Specifies the user attribute to retrieve from the identity store Search Scope Specifies how many levels to search in the LDAP tree below the Base DN For CAS and other Identity Connectors, identity information is retrieved from an authentication result provided by an external authentication service. To configure one of these Identity Connectors, you specify fields specific to each connector type. 14 McAfee Cloud Identity Manager Salesforce Cloud Connector Guide

15 3.2.1 Select an Existing Identity Connector If the Identity Connector is already configured, you can select it on the Identity Connector step of the Cloud Connector wizard. The settings on this step depend on the Identity Connector you select. For example, the Enable Additional Authentication Module(s) area is only displayed when the following conditions are met: The selected Identity Connector type is an authentication chain. When the authentication chain was created, one or more authentication modules were configured as Determined by Cloud Connector on the Policy Setting step of the Authentication Module wizard. To enable these modules, select the checkboxes in the Enable Additional Authentication Module(s) area. For more information, see the McAfee Cloud Identity Manager Product Guide. To select an existing Identity Connector 1. Select an existing Identity Connector from the list in the window, or click New Identity Connector to create a new one and add it to the list. 2. (Optional) To test the connection to the Identity Connector, click Test. Note: The Test button is disabled for Identity Connectors of type authentication chain. 3. (Optional) Select a user-defined portal category from the Category drop-down list, click Manage Categories, or both. For more information, see the next section. 4. (Optional) In the Enable Additional Authentication Module(s) area, select the checkboxes corresponding to the authentication modules you want to enable. Note: This area is only displayed when one or more modules in an authentication chain are configured as Determined by Cloud Connector. Example: OTP () 5. Click Next. The Identity Connector configuration is saved. McAfee Cloud Identity Manager Salesforce Cloud Connector Guide 15

16 Manage User-defined Portal Categories On the Identity Connector step of the Cloud Connector wizard, you can assign a user-defined portal category to the Cloud Connector that you are configuring. User-defined portal categories allow you to group applications having the same category on the application portal associated with that Identity Connector. For example, all applications tagged with the Cash Management category are displayed together on the portal. Each Identity Connector has its own menu of categories. To manage user-defined portal categories 1. To manage user-defined portal categories, click Manage Categories on the Identity Connector step of the Cloud Connector wizard. The Manage Categories dialog box opens. To add a new category, click Add, provide values for the fields in the Add Category dialog box, and click Save. URL Specifies the portal URL that you can use to access the Cloud Identity Manager service and the category ID. This value is provided for you. Name Specifies the name of the new category. Description (Optional) Specifies a description of the new category. To edit an existing category, click Edit, modify the values in the fields in the Edit Category dialog box, and click Save. To remove an existing category, select it in the Manage Categories dialog box, and click Remove. 2. Click OK. The Manage Categories dialog box closes, and the categories are saved and added to the Categories drop-down list in the Identity Connector window. 16 McAfee Cloud Identity Manager Salesforce Cloud Connector Guide

17 3.2.2 Create a New Identity Connector To create a new Identity Connector, you specify a name and an Identity Connector type. Fields open that correspond to the type that you select. To configure an LDAP or IWA-AD Identity Connector, you create a new or use an existing identity store. To configure a CAS or other Identity Connector, you specify fields specific to that connector type. You begin this procedure on the Identity Connector step of the Cloud Connector wizard. To create a new Identity Connector 1. Click New Identity Connector. The New Identity Connector dialog box opens. 2. Type a name in the Identity Connector field. 3. Select one of the following types from the Identity Connector Type drop-down list: LDAP Integrated Windows Authentication with Active Directory (IWA-AD) ECA360 Token Authentication Authentication Chain SAML2 Proxy Central Authentication Service (CAS) The New Identity Connector dialog box expands to show the parameters required to configure the selected Identity Connector type. 4. Configure the parameters required for the specified Identity Connector type. For more information, see the McAfee Cloud Identity Manager Product Guide. 5. Click Save Identity Connector. The Identity Connector configuration is saved. McAfee Cloud Identity Manager Salesforce Cloud Connector Guide 17

18 3.3 Configure SAML Credential Mapping for a Salesforce Cloud Connector On the SAML Credential Mapping step, you map identity information from Cloud Identity Manager to the target application. The Credential Mapping source is the user attribute name in the Cloud Identity Manager system. The target is the attribute name that you specified in the administrator s account of the cloud application. A SAML subject is the user whose identity is authenticated. The SAML subject type is the type of identity information. The SAML subject source is a value that corresponds to the specified subject type. For example, if the subject type is an authentication result, the subject source is an attribute value output by the Identity Connector. To configure SAML credential mapping for a Salesforce Cloud Connector 1. Select one of the following options from the Subject Type drop-down list, and then specify the Subject Source: CONSTANT Select this subject type if the identity information has a constant value, and then type the constant value in the Subject Source field. AUTHN_RESULT_FIELD Select this subject type if the identity information is one of the user attributes output by the Identity Connector, and then select the user attribute from the Subject Source drop-down list. EXPRESSION Select this subject type if the identity information is the result of an expression, and then type the expression in the Subject Source field. 2. In the table on the Credential Mapping step, you have the following options: Add Click Add to open the New attribute dialog box, configure a new target-source attribute mapping, and add it to the table. Edit Select a row in the table, and click Edit to open the editor and modify an existing target-source attribute mapping. Remove Select a row in the table, and click Remove to remove the target-source attribute mapping from the table. 3. Click Next. The SAML Assertion step opens. 18 McAfee Cloud Identity Manager Salesforce Cloud Connector Guide

19 3.3.1 Add a New Target-Source Pair to the Credential Mapping Table You add a new target-source pair to the credential or user account mapping table. To edit an existing target-source pair, you follow the same steps. To add a target-source pair to the credential or user account mapping table 1. Type the name of the attribute that Salesforce is expecting in the Target name field. 2. Select one of the following options from the Source type drop-down list: CONSTANT Select this source type if the identity information has a constant value, and then type the constant value in the Constant value field. AUTHN_RESULT_FIELD Select this source type if the identity information is one of the user attributes output by the Identity Connector, and then select the user attribute from the Authentication result drop-down list EXPRESSION Select this source type if the identity information is the result of an expression, and then type the expression in the Expression value field. 3. (Optional) When the SAML2 attribute mapping requires additional attributes, select the More options for attribute checkbox. In the table that opens, add the additional attribute name-value pairs. 4. Click Ok. The New attribute dialog box closes, and the new target-source attribute pair is added to the table on the Credential Mapping step. McAfee Cloud Identity Manager Salesforce Cloud Connector Guide 19

20 3.4 Configure a SAML Assertion for a Salesforce Cloud Connector Configuring SAML2 authentication in the Salesforce Cloud Connector wizard includes configuring the SAML assertion. In general, the SAML assertion is a message sent from an Identity Provider to a Service Provider asserting the authenticity of the message contents. The SAML assertion contains information about the user s identity and attributes. In this procedure, you configure Service Provider (SP)-initiated and Identity Provider (IdP)-initiated SSO: SP-initiated SSO The Salesforce application initiates the sign-on process and requires the Cloud Identity Manager sign-in and sign-out URLs. IdP-initiated SSO Cloud Identity Manager initiates the sign-on process and requires the Salesforce login and logout URLs. 20 McAfee Cloud Identity Manager Salesforce Cloud Connector Guide

21 To configure a SAML Assertion for a Salesforce Cloud Connector 1. Select a key pair from the Signature Keys drop-down list. Note: For testing the Salesforce Cloud Connector, you can use the default key pair (named intel cloud expressway) that comes preconfigured with Cloud Identity Manager. For deploying the Salesforce Cloud Connector, you need a key pair provided by Salesforce. For more information, see section 2.1 Certificate Management. 2. Copy the URL from the SAML assertion issuer field on the SAML Assertion window and paste it in the SSO field of your Salesforce administrator account. Format: https://hostname:portnumber/identityservice hostname Specifies the name of the server on which Cloud Identity Manager is installed. portnumber Specifies the port number of the server on which Cloud Identity Manager is installed. Default: 8443 Note: Salesforce uses the issuer URL to validate the SAML assertion sent by Cloud Identity Manager. 3. (IdP-initiated SSO) Select the Specify Relay State checkbox, and type the URL of the application that the user is requesting in the Relay State field. 4. To configure SP-initiated SSO, copy the Identity Provider Login URL and Identity Provider Logout URL from the SAML Assertion window to the corresponding fields in your Salesforce account. Identity Provider Login URL example: https://localhost:8443/identityservice/package/idpiwa-ad-connect/saml2/sso/sfconnect Identity Provider Logout URL example: https://localhost:8443/identityservice/package/idpiwa-ad-connect/saml2/slo/sfconnect 5. To configure IdP-initiated SSO, copy the login and logout URLs from your Salesforce account and paste them in the Login URL and Logout URL fields, respectively, in the SAML Assertion window. 6. (Optional) Expand the Advanced Configuration area. McAfee Cloud Identity Manager Salesforce Cloud Connector Guide 21

22 3.4.1 Configure the SAML Assertion Advanced Configuration Specify the Advanced Configuration categories and fields in the SAML Assertion window. To configure the SAML assertion Advanced Configuration 1. Open the Advanced Configuration area. 2. Open the Subject Details area. a. Select the format of the SAML name identifier from the Name ID format drop-down list. Example: urn:oasis:names:tc:saml:2.0:nameid-format:entity b. Select the SAML confirmation method identifier from the Confirmation method drop-down list. Example: urn:oasis:names:tc:saml:2.0:cm:bearer 3. Open the Authentication Statement area, and select the SAML authentication method type from the Authentication method drop-down list. Example: urn:oasis:names:tc:saml:2.0:ac:classes:password 4. Open the Attribute Statement area, and optionally, select the Put attributes in one statement checkbox. When this checkbox is selected, the attributes are placed in a single statement in the SAML assertion. Otherwise, each attribute is placed in a separate statement. 22 McAfee Cloud Identity Manager Salesforce Cloud Connector Guide

23 5. Open the Conditions area. a. (Optional) To restrict the audience of the SAML assertion to a specified URL, type the URL in the Add audience field and click Add audience. The URL is added to the Conditions area. Example: https://serviceprovider.com/service1 Note: Using the Add audience option, you can specify multiple SAML assertion recipients. If you do not specify the audience, the default value is the domain, for example, serviceprovider.com. b. Specify the following fields: Clock skew Specifies a value to use when calculating the SAML assertion s expiration time. This value is designed to offset small differences between clocks in different security domains. Default value: 20 Units: seconds Lifetime Specifies a lifetime value to use when calculating the SAML assertion s expiration time. When the expiration time is exceeded, the SAML assertion is invalidated by the assertion consumer. When specifying the lifetime value, take into account the estimated transmission latency between security domains. Default value: 60 Units: seconds 6. Open the Sign SAML Assertion area, and select one of the following options. Sign SAML Response Specifies that Cloud Identity Manager sign the entire SAML response that it generates. Sign SAML Assertion Specifies that Cloud Identity Manager sign just the assertion in the SAML response that it generates. Note: For more information about this setting, consult the SaaS or web application vendor s SSO profile. McAfee Cloud Identity Manager Salesforce Cloud Connector Guide 23

24 7. Open the Signature Method area. a. Select RSA_WITH_SHA_1 from the Signature generation method drop-down list. b. Select C_25_N_EXCLUSIVE from the Canonicalization generation method drop-down list. c. Select one of the following options from the KeyInfo Type drop-down list: RSA_KEY_VALUE Specifies that the SAML assertion is signed with an RSA private key. X_509_DATA Specifies that the SAML assertion is signed with a private key associated with an X.509 certificate. 8. Click Next. The User Provisioning step opens. 24 McAfee Cloud Identity Manager Salesforce Cloud Connector Guide

25 3.5 Configure User Provisioning for a Salesforce Cloud Connector When user account mapping is enabled, Cloud Identity Manager automatically provisions user accounts from the authentication source to the target application as users sign on. On-demand or dynamic user provisioning is also called just-in-time (JIT) user provisioning. When provisioning a user, Cloud Identity Manager creates a new or updates an existing user account in the Salesforce application using identity mapping rules that you configure in the User Provisioning window. The rules map identity information from the authentication source to the user account in Salesforce. To configure user provisioning for a Salesforce application, select the Enable user account mapping checkbox and specify the address and password of your Salesforce administrator account. To configure user provisioning for a Salesforce Cloud Connector 1. Select the Enable user account mapping checkbox. The User Provisioning window expands to include the Salesforce and password settings and the User Account Mapping table. 2. Type the address and password of your Salesforce administrator account in the Admin and Admin Password fields, respectively. 3. (Optional) Click Test to test the connection to the Salesforce application and verify the settings. 4. On the User Account Mapping table, you have the following options: Add Click Add to open the New attribute dialog box, configure a new target-source attribute mapping, and add it to the table. Edit Select a row in the Credential Mapping table, and click Edit to open the editor and modify an existing target-source attribute mapping. Remove Select a row in the Credential Mapping table, and click Remove to remove the target-source attribute mapping from the table. 5. Click Next. The Authorization Enforcement step opens. McAfee Cloud Identity Manager Salesforce Cloud Connector Guide 25

26 3.5.1 Add a New Target-Source Pair to the User Account Mapping Table You add a new target-source pair to the credential or user account mapping table. To edit an existing target-source pair, you follow the same steps. To add a target-source pair to the credential or user account mapping table 1. Type the name of the attribute that Salesforce is expecting in the Target name field. 2. Select one of the following options from the Source type drop-down list: CONSTANT Select this source type if the identity information has a constant value, and then type the constant value in the Constant value field. AUTHN_RESULT_FIELD Select this source type if the identity information is one of the user attributes output by the Identity Connector, and then select the user attribute from the Authentication result drop-down list EXPRESSION Select this source type if the identity information is the result of an expression, and then type the expression in the Expression value field. 3. (Optional) When the SAML2 attribute mapping requires additional attributes, select the More options for attribute checkbox. In the table that opens, add the additional attribute name-value pairs. 4. Click Ok. The New attribute dialog box closes, and the new target-source attribute pair is added to the table on the Credential Mapping step. 26 McAfee Cloud Identity Manager Salesforce Cloud Connector Guide

27 3.6 Apply an Authorization Policy to a Salesforce Cloud Connector On the Authorization Enforcement step of the Cloud Connector wizard, you can build an authorization policy that determines which users can access your cloud application and under what conditions. To build the policy, you configure individual policy rules and add them to the overall policy. Each rule consists of an expression, which can be made up of sub expressions. Each rule has an action, as does the overall policy. The rule action is to permit or deny access to your cloud application when the rule evaluates to TRUE. The overall policy action the default action is to permit or deny access to your cloud application when none of the rules in the policy evaluates to TRUE. When the policy configuration area first opens, the default policy action is set to deny access Configure the default policy action Configure the overall policy action for when none of the rules in the policy evaluates to TRUE. 1. Select the Enable Authorization Policy checkbox. The policy configuration area opens. 2. To modify the overall policy action, click the Permit access to myapp or Deny access to myapp link that is shown, where myapp is the name of your cloud application, select an option in the Change Default Action dialog box, and click OK. McAfee Cloud Identity Manager Salesforce Cloud Connector Guide 27

28 3.6.2 Configure policy rules and add them to the policy Each policy rule has an action and consists of an expression, which can be made up of sub expressions. 1. Click Add Rule, select an option in the Rule Action dialog box, and click OK. The new rule is added above the Add Rule button and shown with the selected permit or deny action. 2. Configure the new rule by clicking the following options. For more information about configuring expressions, see section Policy conditions and their Boolean expressions. Table 1. Option Policy Rule Configuration Options Description (Permit Deny) access to myapp Delete Rule AND OR +! Move Down Move Up Toggles the rule s action from permit to deny and deny to permit. Note: myapp is the name you assign to the Cloud Connector. Deletes the rule. Toggles the Boolean operators that specify whether the relationship among the expressions in the group at the current level of the rule have an AND relationship or an OR relationship. Note: All expressions at one level in the rule have the same Boolean relationship. Opens the Add Expression dialog box where you can configure an expression and add it to the rule. Note: Clicking the + sign above a group of expressions adds the expression to the bottom of the group. Clicking the + sign to the right side of an individual expression creates a sub group that consists of the selected expression and the new expression. Alternately adds the NOT operator to and removes the NOT operator from the group of expressions at the current level in the rule. Moves the rule down one position in the rule list in the configuration area. Note: This option is only visible when more than one rule is added to the policy. Moves the rule up one position in the rule list in the configuration area. Note: This option is only visible when more than one rule is added to the policy. 3. Click Next. The Review step opens. 28 McAfee Cloud Identity Manager Salesforce Cloud Connector Guide

29 3.6.3 Policy conditions and their Boolean expressions When you configure an expression, you first select the expression type or condition. When the condition is met, the expression evaluates to TRUE. The conditions and their corresponding Boolean expressions are shown in the following table. Condition Access Time Day of Week Client IP Address Client Device Subject Attribute Match Advanced Expression Boolean Expression The time of access falls within the specified time range. The day of the week belongs to the specified set of days. The client IP address falls within the specified address range. The client device has one of the specified types. The user attribute value meets the specified match. The specified Boolean expression evaluates to TRUE Restrict access to the specified time range You can restrict when users are allowed to access your application to a specified time range. 1. Click + to open the Add Expression dialog box. 2. Select Access Time from the Expression Type drop-down list. 3. Select an operator from the Access Time drop-down list, and specify the required values: Between Select a starting and ending time for the time range from the From and To dropdown lists, respectively. Greater than Select a value from the Time drop-down list. Less than Select a value from the Time drop-down list. Greater than or equal to Select a value from the Time drop-down list. Less than or equal to Select a value from the Time drop-down list. 4. Click OK to close the dialog box and add the expression to the policy rule Restrict access to specified days of the week You can restrict when users are allowed to access your application to specified days of the week. 1. Click + to open the Add Expression dialog box. 2. Select Day of Week from the Expression Type drop-down list. 3. Select one or more of the checkboxes corresponding to the days of the week. 4. Click OK to close the dialog box and add the expression to the policy rule. McAfee Cloud Identity Manager Salesforce Cloud Connector Guide 29

30 Restrict access to the specified range of client IP addresses You can restrict access to your application to users having an IP address in the specified range. 1. Click + to open the Add Expression dialog box. 2. Select Client IP from the Expression Type drop-down list. 3. Select an operator from the IP Address drop-down list, and specify the required values: Between Select a starting and ending IP address for the address range from the From and To drop-down lists, respectively. Equals Type a valid IP address in the IP field. Greater than Type a valid IP address in the IP field. Less than Type a valid IP address in the IP field. Greater than or equal to Type a valid IP address in the IP field. Less than or equal to Type a valid IP address in the IP field. Masked IP address Type values for the base IP address and the bit mask in the Base IP and Mask fields, respectively. 4. Click OK to close the dialog box and add the expression to the policy rule Restrict access to specified client devices You can restrict access to your application to users on a personal computer or a mobile device. 1. Click + to open the Add Expression dialog box. 2. Select Client Device from the Expression Type drop-down list. 3. Select one or both of the following checkboxes: PC Allows users on a personal computer to access your application. Mobile Allows users on a mobile device to access your application. 4. Click OK to close the dialog box and add the expression to the policy rule Restrict access to subjects having the specified attribute value You can restrict access to your application to subjects or users having a specified attribute value. To do so, you specify the subject type and the subject source. The subject type is the type of identity information. The subject source is a value that corresponds to the specified subject type. For example, if the subject type is an authentication result, the subject source is an attribute output by the Identity Connector. 1. Click + to open the Add Expression dialog box. 2. Select Subject Attribute Match Expression from the Expression Type drop-down list. 3. Select an option from the Subject Type drop-down list: CONSTANT Type a constant value in the Subject Source field. AUTHN_RESULT_FIELD Select a user attribute from the Subject Source drop-down list. EXPRESSION Type an expression in the Subject Source field. 4. Select an option from the Operator drop-down list, and specify the required values: Equals The user attribute value must equal the value you specify in the Value field. Contains The user attribute value must contain the value you specify in the Value field. Starts with The user attribute value must start with the value you specify in the Value field. Ends with The user attribute value must end with the value you specify in the Value field. Matches (regular expression) The user attribute value must equal the result of the regular expression you specify in the Regex field. In list The user attribute value must belong to the list of specified values. 5. Click OK to close the dialog box and add the expression to the policy rule. 30 McAfee Cloud Identity Manager Salesforce Cloud Connector Guide

31 Restrict access based on the specified expression You can restrict access to your application based on whether the expression you specify evaluates to TRUE or FALSE. To build the expression, you select and combine components from the drop-down lists with text that you type in the expression editor. 1. Click + to open the Add Expression dialog box. 2. Select Advanced Expression from the Expression Type drop-down list. 3. Click Edit to open the Expression editor. 4. Select components from the following drop-down lists, and add them to the expression. Built-in Library Function Select the following built-in function: $AuthnResult.isIPInRange Tests whether the client computer s IP address falls within the specified range. Syntax: $AuthnResult.isIPInRange(low_IP,high_IP,target_IP) Parameters low_ip Specifies the beginning value of the IP address range. high_ip Specifies the ending value of the IP address range. target_ip Specifies the IP address of the client computer seeking access to the application. Return Value Returns one of the following values: TRUE The client IP address falls within the specified range. FALSE The client IP address does not fall within the specified range. Built-in Library Variable Select one of the following built-in variables: $IP Specifies the IP address of the client computer seeking access to the application. $UserAgent Specifies the web browser s user agent which provides information about whether the browser is running on a personal computer or mobile device. AuthnResult Select an attribute from the AuthnResult drop-down list. Example: mail Expression: $AuthnResult.getField("mail") Note: This attribute is an authentication result output by the Identity Connector or by the preceding authentication module in an authentication chain. Operator Select an operator from the Operator drop-down list. Example: contains Expression: $AuthnResult.getField("mail") contains Note: The available operators are: ==,!=, >, <, >=, <=, contains, &&,, or, ~=, +, -, *, %, /, and =. 5. Complete the expression by typing in the Expression editor field. Example: mcafee.com Expression: $AuthnResult.getField("mail") contains "mcafee.com" McAfee Cloud Identity Manager Salesforce Cloud Connector Guide 31

32 6. Click OK to close the Expression editor. 7. Click OK to close the dialog box and add the expression to the policy rule Expression editor examples The following examples show how to build an expression using the expression editor. Expression editor: example 1 The expression in the following example retrieves the attribute corporation from the authentication results and compares its value to the empty string on the right side of the expression. If the expression evaluates to TRUE, the user is not part of any corporation. If the Rule Effect is set to Deny, the user is denied access to the SaaS or web application. To create this expression: 1. Select the attribute corporation from the AuthnResult drop-down list. 2. Select the operator == from the Operator drop-down list. 3. Type the double quotes in the Expression editor field. 4. Click OK. 32 McAfee Cloud Identity Manager Salesforce Cloud Connector Guide

33 Expression editor: example 2 The expression in the following example uses the built-in library function $AuthnResult.isIPInRange and the built-in library variables: $IP and $UserAgent. The expression evaluates to TRUE if one or more of these conditions are met: The client computer IP address falls within the specified range. The client computer IP address equals the specified value. The web browser is running on an iphone. If the expression evaluates to TRUE and the Rule Effect is set to Permit, the user is granted access to the SaaS or web application. To create this expression: 1. Select $AuthnResult.isIPInRange from the Built-in Library Function drop-down list. 2. Type the low and high IP addresses that specify the range inside the first two pairs of quotes inside the parentheses. 3. Replace the third pair of quotes with the Built-in Library Variable $IP, which is the IP address of the client computer seeking access to the application. 4. Select the operator from the Operator drop-down list. 5. Select $IP from the Built-in Library Variable drop-down list. 6. Select the operator == from the Operator drop-down list. 7. Type an IP address enclosed in quotes in the Expression editor field. 8. Select the operator from the Operator drop-down list. 9. Select $UserAgent from the Built-in Library Variable drop-down list. 10. Select the operator contains from the Operator drop-down list. 11. Type iphone (including the quotes) in the Expression editor field. 12. Click OK. McAfee Cloud Identity Manager Salesforce Cloud Connector Guide 33

34 3.7 Review the Salesforce Cloud Connector Configuration On the Review step, you can view the application type, application name, and the Identity Connector. You can also use the SSO test URL to test the connection to Cloud Identity Manager identity and SSO services and to access the Salesforce cloud application. The Alias is a short name that you can use in place of the longer test URL. For more information, see section 2.3 Test the Salesforce SSO Connection. To accept and save the configuration, click Finish. The Salesforce Cloud Connector configuration is saved and added to the Cloud Connectors tab in the Management Console. 34 McAfee Cloud Identity Manager Salesforce Cloud Connector Guide

35

36 Order Number: US [Revision A]

McAfee Cloud Identity Manager

McAfee Cloud Identity Manager SAML2 Cloud Connector Guide McAfee Cloud Identity Manager version 1.2 or later COPYRIGHT Copyright 2013 McAfee, Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed,

More information

McAfee Cloud Identity Manager

McAfee Cloud Identity Manager NetSuite Cloud Connector Guide McAfee Cloud Identity Manager version 2.0 or later COPYRIGHT Copyright 2013 McAfee, Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted,

More information

McAfee Cloud Identity Manager

McAfee Cloud Identity Manager SharePoint Cloud Connector Guide McAfee Cloud Identity Manager version 2.0 or later COPYRIGHT Copyright 2013 McAfee, Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted,

More information

McAfee Cloud Identity Manager

McAfee Cloud Identity Manager Office 365 Cloud Connector Guide McAfee Cloud Identity Manager version 2.1 or later COPYRIGHT Copyright 2013 McAfee, Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted,

More information

McAfee Cloud Single Sign On

McAfee Cloud Single Sign On Setup Guide Revision B McAfee Cloud Single Sign On COPYRIGHT Copyright 2013 McAfee, Inc. Do not copy without permission. TRADEMARK ATTRIBUTIONS McAfee, the McAfee logo, McAfee Active Protection, McAfee

More information

McAfee Host Data Loss Prevention 9.1 Cluster Installation Guide

McAfee Host Data Loss Prevention 9.1 Cluster Installation Guide McAfee Host Data Loss Prevention 9.1 Cluster Installation Guide COPYRIGHT Copyright 2011 McAfee, Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed, stored

More information

McAfee Email Gateway 7.x Encryption and IronPort Integration Guide

McAfee Email Gateway 7.x Encryption and IronPort Integration Guide Sample deployment architecture For this guide, we have provided a deployment architecture example. This example includes an IronPort Email Gateway sending outbound email, and the McAfee Email Gateway Encryption

More information

McAfee epolicy Orchestrator 4.5 Cluster Installation Guide

McAfee epolicy Orchestrator 4.5 Cluster Installation Guide McAfee epolicy Orchestrator 4.5 Cluster Installation Guide COPYRIGHT Copyright 2009 McAfee, Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in

More information

Application Note Configuring Department of Defense Common Access Card Authentication on McAfee. Firewall Enterprise

Application Note Configuring Department of Defense Common Access Card Authentication on McAfee. Firewall Enterprise Application Note Configuring Department of Defense Common Access Card Authentication on McAfee Firewall Enterprise McAfee Firewall Enterprise version 7.x and 8.x This application note describes how to

More information

Product Guide. McAfee Security-as-a-Service Partner SecurityDashboard 5.2.0

Product Guide. McAfee Security-as-a-Service Partner SecurityDashboard 5.2.0 Product Guide McAfee Security-as-a-Service Partner SecurityDashboard 5.2.0 COPYRIGHT Copyright 2010 McAfee, Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed,

More information

McAfee Optimized Virtual Environments for Servers. Installation Guide

McAfee Optimized Virtual Environments for Servers. Installation Guide McAfee Optimized Virtual Environments for Servers Installation Guide COPYRIGHT Copyright 2010 McAfee, Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed,

More information

Product Guide Revision A. McAfee Secure Web Mail Client 7.0.0 Software

Product Guide Revision A. McAfee Secure Web Mail Client 7.0.0 Software Product Guide Revision A McAfee Secure Web Mail Client 7.0.0 Software COPYRIGHT Copyright 2011 McAfee, Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed,

More information

Desktop Release Notes. Desktop Release Notes 5.2.1

Desktop Release Notes. Desktop Release Notes 5.2.1 Desktop Release Notes Desktop Release Notes 5.2.1 COPYRIGHT Copyright 2011 McAfee, Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval

More information

Application Note. Configuring McAfee Firewall Enterprise for McAfee Web Protection Service

Application Note. Configuring McAfee Firewall Enterprise for McAfee Web Protection Service Application Note Configuring McAfee Firewall Enterprise for McAfee Web Protection Service This document explains how to configure McAfee Firewall Enterprise (Sidewinder ) to redirect all web traffic to

More information

Product Guide Revision A. McAfee Secure Web Mail Client 7.0.0 Software

Product Guide Revision A. McAfee Secure Web Mail Client 7.0.0 Software Product Guide Revision A McAfee Secure Web Mail Client 7.0.0 Software COPYRIGHT Copyright 2011 McAfee, Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed,

More information

McAfee Directory Services Connector extension

McAfee Directory Services Connector extension Getting Started Guide Revision A McAfee Directory Services Connector extension For use with epolicy Orchestrator 4.6.1 through 5.0 COPYRIGHT Copyright 2013 McAfee, Inc. Do not copy without permission.

More information

Installation Guide for PCs. McAfee All Access

Installation Guide for PCs. McAfee All Access Installation Guide for PCs McAfee All Access COPYRIGHT Copyright 2010 McAfee, Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system,

More information

Configuring Salesforce

Configuring Salesforce Chapter 94 Configuring Salesforce The following is an overview of how to configure the Salesforce.com application for singlesign on: 1 Prepare Salesforce for single sign-on: This involves the following:

More information

Release Notes for McAfee epolicy Orchestrator 4.5

Release Notes for McAfee epolicy Orchestrator 4.5 Release Notes for McAfee epolicy Orchestrator 4.5 About this document New features Known Issues Installation, upgrade, and migration considerations Considerations when uninstalling epolicy Orchestrator

More information

McAfee Optimized Virtual Environments - Antivirus for VDI. Installation Guide

McAfee Optimized Virtual Environments - Antivirus for VDI. Installation Guide McAfee Optimized Virtual Environments - Antivirus for VDI Installation Guide COPYRIGHT Copyright 2010-2011 McAfee, Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted,

More information

For details about using automatic user provisioning with Salesforce, see Configuring user provisioning for Salesforce.

For details about using automatic user provisioning with Salesforce, see Configuring user provisioning for Salesforce. Chapter 41 Configuring Salesforce The following is an overview of how to configure the Salesforce.com application for singlesign on: 1 Prepare Salesforce for single sign-on: This involves the following:

More information

McAfee VirusScan Enterprise for Linux 1.7.0 Software

McAfee VirusScan Enterprise for Linux 1.7.0 Software Configuration Guide McAfee VirusScan Enterprise for Linux 1.7.0 Software For use with epolicy Orchestrator 4.5.0 and 4.6.0 COPYRIGHT Copyright 2011 McAfee, Inc. All Rights Reserved. No part of this publication

More information

McAfee Solidcore Change Reconciliation and Ticket-based Enforcement

McAfee Solidcore Change Reconciliation and Ticket-based Enforcement Change Reconciliation and Ticket-based Enforcement COPYRIGHT Copyright 2011 McAfee, Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval

More information

HOTPin Integration Guide: Salesforce SSO with Active Directory Federated Services

HOTPin Integration Guide: Salesforce SSO with Active Directory Federated Services 1 HOTPin Integration Guide: Salesforce SSO with Active Directory Federated Services Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained in this document is provided

More information

Setup Guide. Email Archiving for Microsoft Exchange Server 2003

Setup Guide. Email Archiving for Microsoft Exchange Server 2003 Setup Guide Email Archiving for Microsoft Exchange Server 2003 COPYRIGHT Copyright 2012 McAfee, Inc. Do not copy without permission. TRADEMARK ATTRIBUTIONS McAfee, the McAfee logo, McAfee Active Protection,

More information

Release Notes McAfee Risk Advisor 2.6.2 Software For use with epolicy Orchestrator 4.5.0 and 4.6.0 Software

Release Notes McAfee Risk Advisor 2.6.2 Software For use with epolicy Orchestrator 4.5.0 and 4.6.0 Software Release s McAfee Risk Advisor 2.6.2 Software For use with epolicy Orchestrator 4.5.0 and 4.6.0 Software About this document New features System Requirements Supported Upgrades Installing and verifying

More information

WatchDox Administrator's Guide. Application Version 3.7.5

WatchDox Administrator's Guide. Application Version 3.7.5 Application Version 3.7.5 Confidentiality This document contains confidential material that is proprietary WatchDox. The information and ideas herein may not be disclosed to any unauthorized individuals

More information

McAfee Total Protection Service Installation Guide

McAfee Total Protection Service Installation Guide McAfee Total Protection Service Installation Guide COPYRIGHT Copyright 2009 McAfee, Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval

More information

Configuring SuccessFactors

Configuring SuccessFactors Chapter 117 Configuring SuccessFactors The following is an overview of the steps required to configure the SuccessFactors Enterprise Edition Web application for single sign-on (SSO) via SAML. SuccessFactors

More information

Cloud Authentication. Getting Started Guide. Version 2.1.0.06

Cloud Authentication. Getting Started Guide. Version 2.1.0.06 Cloud Authentication Getting Started Guide Version 2.1.0.06 ii Copyright 2011 SafeNet, Inc. All rights reserved. All attempts have been made to make the information in this document complete and accurate.

More information

Connected Data. Connected Data requirements for SSO

Connected Data. Connected Data requirements for SSO Chapter 40 Configuring Connected Data The following is an overview of the steps required to configure the Connected Data Web application for single sign-on (SSO) via SAML. Connected Data offers both IdP-initiated

More information

Configuring. SugarCRM. Chapter 121

Configuring. SugarCRM. Chapter 121 Chapter 121 Configuring SugarCRM The following is an overview of the steps required to configure the SugarCRM Web application for single sign-on (SSO) via SAML. SugarCRM offers both IdP-initiated SAML

More information

epolicy Orchestrator Log Files

epolicy Orchestrator Log Files Reference Guide epolicy Orchestrator Log Files For use with epolicy Orchestrator 4.6.0 Software COPYRIGHT Copyright 2011 McAfee, Inc. All Rights Reserved. No part of this publication may be reproduced,

More information

Configuring. SuccessFactors. Chapter 67

Configuring. SuccessFactors. Chapter 67 Chapter 67 Configuring SuccessFactors The following is an overview of the steps required to configure the SuccessFactors Enterprise Edition Web application for single sign-on (SSO) via SAML. SuccessFactors

More information

McAfee epolicy Orchestrator 4.5 Product Guide

McAfee epolicy Orchestrator 4.5 Product Guide McAfee epolicy Orchestrator 4.5 Product Guide COPYRIGHT Copyright 2009 McAfee, Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system,

More information

McAfee Endpoint Security 10.0.0 Software

McAfee Endpoint Security 10.0.0 Software Installation Guide McAfee Endpoint Security 10.0.0 Software For use with epolicy Orchestrator 5.1.1 5.2.0 software and the McAfee SecurityCenter COPYRIGHT Copyright 2014 McAfee, Inc. Do not copy without

More information

Sophos Mobile Control Installation guide

Sophos Mobile Control Installation guide Sophos Mobile Control Installation guide Product version: 2.5 Document date: July 2012 Contents 1 Introduction... 3 2 The Sophos Mobile Control server... 4 3 Set up Sophos Mobile Control... 13 4 Running

More information

AVG Business SSO Partner Getting Started Guide

AVG Business SSO Partner Getting Started Guide AVG Business SSO Partner Getting Started Guide Table of Contents Overview... 2 Getting Started... 3 Web and OS requirements... 3 Supported web and device browsers... 3 Initial Login... 4 Navigation in

More information

Data Center Connector 3.0.0 for OpenStack

Data Center Connector 3.0.0 for OpenStack Product Guide Data Center Connector 3.0.0 for OpenStack For use with epolicy Orchestrator 5.1.0 Software COPYRIGHT Copyright 2014 McAfee, Inc. Do not copy without permission. TRADEMARK ATTRIBUTIONS McAfee,

More information

McAfee Endpoint Encryption for PC 7.0

McAfee Endpoint Encryption for PC 7.0 Migration Guide McAfee Endpoint Encryption for PC 7.0 For use with epolicy Orchestrator 4.6 Software COPYRIGHT Copyright 2012 McAfee, Inc. Do not copy without permission. TRADEMARK ATTRIBUTIONS McAfee,

More information

DocuSign Connect for Salesforce Guide

DocuSign Connect for Salesforce Guide Information Guide 1 DocuSign Connect for Salesforce Guide 1 Copyright 2003-2013 DocuSign, Inc. All rights reserved. For information about DocuSign trademarks, copyrights and patents refer to the DocuSign

More information

SAML single sign-on configuration overview

SAML single sign-on configuration overview Chapter 34 Configurin guring g Clarizen Configure the Clarizen Web-SAML application profile in Cloud Manager to set up single sign-on via SAML with Clarizen. Configuration also specifies how the application

More information

Configuring on-premise Sharepoint server SSO

Configuring on-premise Sharepoint server SSO Chapter 112 Configuring on-premise Sharepoint server SSO You can now provide single sign-on to your on-premise Sharepoint server applications. This section includes the following topics: "An overview of

More information

Data Center Connector for vsphere 3.0.0

Data Center Connector for vsphere 3.0.0 Product Guide Data Center Connector for vsphere 3.0.0 For use with epolicy Orchestrator 4.6.0, 5.0.0 Software COPYRIGHT Copyright 2013 McAfee, Inc. Do not copy without permission. TRADEMARK ATTRIBUTIONS

More information

SP-initiated SSO for Smartsheet is automatically enabled when the SAML feature is activated.

SP-initiated SSO for Smartsheet is automatically enabled when the SAML feature is activated. Chapter 87 Configuring Smartsheet The following is an overview of the steps required to configure the Smartsheet Web application for single sign-on (SSO) via SAML. Smartsheet offers both IdP-initiated

More information

McAfee Asset Manager Console

McAfee Asset Manager Console Installation Guide McAfee Asset Manager Console Version 6.5 COPYRIGHT Copyright 2012 McAfee, Inc. Do not copy without permission. TRADEMARK ATTRIBUTIONS McAfee, the McAfee logo, McAfee Active Protection,

More information

Installation Guide. McAfee SaaS Endpoint Protection 5.2.0

Installation Guide. McAfee SaaS Endpoint Protection 5.2.0 Installation Guide McAfee SaaS Endpoint Protection 5.2.0 COPYRIGHT Copyright 2010 McAfee, Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a

More information

Product Guide Revision A. McAfee Cloud Single Sign On 4.0.1

Product Guide Revision A. McAfee Cloud Single Sign On 4.0.1 Product Guide Revision A McAfee Cloud Single Sign On 4.0.1 COPYRIGHT Copyright 2013 McAfee, Inc. Do not copy without permission. TRADEMARK ATTRIBUTIONS McAfee, the McAfee logo, McAfee Active Protection,

More information

Implementing McAfee Device Control Security

Implementing McAfee Device Control Security Implementing McAfee Device Control Security COPYRIGHT Copyright 2009 McAfee, Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system,

More information

PingFederate. Salesforce Connector. Quick Connection Guide. Version 4.1

PingFederate. Salesforce Connector. Quick Connection Guide. Version 4.1 PingFederate Salesforce Connector Version 4.1 Quick Connection Guide 2011 Ping Identity Corporation. All rights reserved. PingFederate Salesforce Quick Connection Guide Version 4.1 June, 2011 Ping Identity

More information

HOTPin Integration Guide: Google Apps with Active Directory Federated Services

HOTPin Integration Guide: Google Apps with Active Directory Federated Services HOTPin Integration Guide: Google Apps with Active Directory Federated Services Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained in this document is provided 'as

More information

ADFS Integration Guidelines

ADFS Integration Guidelines ADFS Integration Guidelines Version 1.6 updated March 13 th 2014 Table of contents About This Guide 3 Requirements 3 Part 1 Configure Marcombox in the ADFS Environment 4 Part 2 Add Relying Party in ADFS

More information

OneLogin Integration User Guide

OneLogin Integration User Guide OneLogin Integration User Guide Table of Contents OneLogin Account Setup... 2 Create Account with OneLogin... 2 Setup Application with OneLogin... 2 Setup Required in OneLogin: SSO and AD Connector...

More information

VMware Identity Manager Administration

VMware Identity Manager Administration VMware Identity Manager Administration VMware Identity Manager 2.4 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new

More information

Setup Guide. Email Archiving for Microsoft Exchange Server 2010

Setup Guide. Email Archiving for Microsoft Exchange Server 2010 Setup Guide Email Archiving for Microsoft Exchange Server 2010 COPYRIGHT Copyright 2012 McAfee, Inc. Do not copy without permission. TRADEMARK ATTRIBUTIONS McAfee, the McAfee logo, McAfee Active Protection,

More information

CA Nimsoft Service Desk

CA Nimsoft Service Desk CA Nimsoft Service Desk Single Sign-On Configuration Guide 6.2.6 This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the Documentation

More information

Sharepoint server SSO

Sharepoint server SSO Configuring g on-premise Sharepoint server SSO Chapter 99 You can now provide single sign-on to your on-premise Sharepoint server applications. This section includes the following topics: "An overview

More information

McAfee Public Cloud Server Security Suite

McAfee Public Cloud Server Security Suite Installation Guide McAfee Public Cloud Server Security Suite For use with McAfee epolicy Orchestrator COPYRIGHT Copyright 2015 McAfee, Inc., 2821 Mission College Boulevard, Santa Clara, CA 95054, 1.888.847.8766,

More information

Administration Guide. WatchDox Server. Version 4.8.0

Administration Guide. WatchDox Server. Version 4.8.0 Administration Guide WatchDox Server Version 4.8.0 Published: 2015-11-01 SWD-20151101091846278 Contents Introduction... 7 Getting started... 11 Signing in to WatchDox... 11 Signing in with username and

More information

SAP NetWeaver Fiori. For more information, see "Creating and enabling a trusted provider for Centrify" on page 108-10.

SAP NetWeaver Fiori. For more information, see Creating and enabling a trusted provider for Centrify on page 108-10. Chapter 108 Configuring SAP NetWeaver Fiori The following is an overview of the steps required to configure the SAP NetWeaver Fiori Web application for single sign-on (SSO) via SAML. SAP NetWeaver Fiori

More information

Upgrade Guide. McAfee Vulnerability Manager Microsoft Windows Server 2008 R2

Upgrade Guide. McAfee Vulnerability Manager Microsoft Windows Server 2008 R2 Upgrade Guide McAfee Vulnerability Manager Microsoft Windows Server 2008 R2 COPYRIGHT Copyright 2012 McAfee, Inc. Do not copy without permission. TRADEMARKS McAfee, the McAfee logo, McAfee Active Protection,

More information

Single Sign On for ShareFile with NetScaler. Deployment Guide

Single Sign On for ShareFile with NetScaler. Deployment Guide Single Sign On for ShareFile with NetScaler Deployment Guide This deployment guide focuses on defining the process for enabling Single Sign On into Citrix ShareFile with Citrix NetScaler. Table of Contents

More information

Recommended Recommended for all environments. Apply this update at the earliest convenience.

Recommended Recommended for all environments. Apply this update at the earliest convenience. Release Notes McAfee Enterprise Mobility Management 11.0 Patch 4 About this document About this release Bug fixes and enhancement Installation instructions Files affected by patch Troubleshooting installation

More information

This chapter describes how to use the Junos Pulse Secure Access Service in a SAML single sign-on deployment. It includes the following sections:

This chapter describes how to use the Junos Pulse Secure Access Service in a SAML single sign-on deployment. It includes the following sections: CHAPTER 1 SAML Single Sign-On This chapter describes how to use the Junos Pulse Secure Access Service in a SAML single sign-on deployment. It includes the following sections: Junos Pulse Secure Access

More information

Administration Guide Revision E. Account Management. For SaaS Email and Web Security

Administration Guide Revision E. Account Management. For SaaS Email and Web Security Administration Guide Revision E Account Management COPYRIGHT Copyright 2015 McAfee, Inc., 2821 Mission College Boulevard, Santa Clara, CA 95054, 1.888.847.8766, www.intelsecurity.com TRADEMARK ATTRIBUTIONS

More information

Defender 5.7 - Token Deployment System Quick Start Guide

Defender 5.7 - Token Deployment System Quick Start Guide Defender 5.7 - Token Deployment System Quick Start Guide This guide describes how to install, configure and use the Defender Token Deployment System, based on default settings and how to self register

More information

SAP NetWeaver AS Java

SAP NetWeaver AS Java Chapter 75 Configuring SAP NetWeaver AS Java SAP NetWeaver Application Server ("AS") Java (Stack) is one of the two installation options of SAP NetWeaver AS. The other option is the ABAP Stack, which is

More information

Setup Guide Revision B. McAfee SaaS Email Archiving for Microsoft Exchange Server 2010

Setup Guide Revision B. McAfee SaaS Email Archiving for Microsoft Exchange Server 2010 Setup Guide Revision B McAfee SaaS Email Archiving for Microsoft Exchange Server 2010 COPYRIGHT Copyright 2015 McAfee, Inc., 2821 Mission College Boulevard, Santa Clara, CA 95054, 1.888.847.8766, www.intelsecurity.com

More information

An overview of configuring WebEx for single sign-on. To configure the WebEx application for single-sign on from the cloud service (an overview)

An overview of configuring WebEx for single sign-on. To configure the WebEx application for single-sign on from the cloud service (an overview) Chapter 83 WebEx This chapter includes the following sections: An overview of configuring WebEx for single sign-on Configuring WebEx for SSO Configuring WebEx in Cloud Manager For more information about

More information

McAfee SaaS Email Archiving

McAfee SaaS Email Archiving User Guide McAfee SaaS Email Archiving COPYRIGHT Copyright 2013 McAfee, Inc. Do not copy without permission. TRADEMARK ATTRIBUTIONS McAfee, the McAfee logo, McAfee Active Protection, McAfee AppPrism, McAfee

More information

McAfee Enterprise Mobility Management 11.0 Software

McAfee Enterprise Mobility Management 11.0 Software Product Guide McAfee Enterprise Mobility Management 11.0 Software For use with epolicy Orchestrator 4.6.5-5.0 Software COPYRIGHT Copyright 2013 McAfee, Inc. Do not copy without permission. TRADEMARK ATTRIBUTIONS

More information

Setup Guide Revision A. WDS Connector

Setup Guide Revision A. WDS Connector Setup Guide Revision A WDS Connector COPYRIGHT Copyright 2013 McAfee, Inc. Do not copy without permission. TRADEMARK ATTRIBUTIONS McAfee, the McAfee logo, McAfee Active Protection, McAfee CleanBoot, McAfee

More information

Sophos Mobile Control Startup guide. Product version: 3

Sophos Mobile Control Startup guide. Product version: 3 Sophos Mobile Control Startup guide Product version: 3 Document date: January 2013 Contents 1 About this guide...3 2 What are the key steps?...5 3 Log in as a super administrator...6 4 Activate Sophos

More information

An overview of configuring Intacct for single sign-on. To configure the Intacct application for single-sign on (an overview)

An overview of configuring Intacct for single sign-on. To configure the Intacct application for single-sign on (an overview) Chapter 94 Intacct This section contains the following topics: "An overview of configuring Intacct for single sign-on" on page 94-710 "Configuring Intacct for SSO" on page 94-711 "Configuring Intacct in

More information

Sophos Mobile Control Startup guide. Product version: 3.5

Sophos Mobile Control Startup guide. Product version: 3.5 Sophos Mobile Control Startup guide Product version: 3.5 Document date: July 2013 Contents 1 About this guide...3 2 What are the key steps?...5 3 Log in as a super administrator...6 4 Activate Sophos Mobile

More information

Configuring Single Sign-On from the VMware Identity Manager Service to Office 365

Configuring Single Sign-On from the VMware Identity Manager Service to Office 365 Configuring Single Sign-On from the VMware Identity Manager Service to Office 365 VMware Identity Manager JULY 2015 V1 Table of Contents Overview... 2 Passive and Active Authentication Profiles... 2 Adding

More information

Sophos Mobile Control Installation guide. Product version: 3

Sophos Mobile Control Installation guide. Product version: 3 Sophos Mobile Control Installation guide Product version: 3 Document date: January 2013 Contents 1 Introduction...3 2 The Sophos Mobile Control server...4 3 Set up Sophos Mobile Control...16 4 External

More information

Dell One Identity Cloud Access Manager 8.0.1 - How to Configure for SSO to SAP NetWeaver using SAML 2.0

Dell One Identity Cloud Access Manager 8.0.1 - How to Configure for SSO to SAP NetWeaver using SAML 2.0 Dell One Identity Cloud Access Manager 8.0.1 - How to Configure for SSO to SAP NetWeaver using SAML 2.0 May 2015 About this guide Prerequisites and requirements NetWeaver configuration Legal notices About

More information

Setup Guide. Email Archiving for Microsoft Exchange Server 2007

Setup Guide. Email Archiving for Microsoft Exchange Server 2007 Setup Guide Email Archiving for Microsoft Exchange Server 2007 COPYRIGHT Copyright 2012 McAfee, Inc. Do not copy without permission. TRADEMARK ATTRIBUTIONS McAfee, the McAfee logo, McAfee Active Protection,

More information

McAfee Security 1.0 User Guide

McAfee Security 1.0 User Guide McAfee Security 1.0 User Guide COPYRIGHT Copyright 2009 McAfee, Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated

More information

Flexible Identity Federation

Flexible Identity Federation Flexible Identity Federation Administration guide version 1.0.1 Publication history Date Description Revision 2015.09.24 initial release 1.0.0 2015.12.11 minor updates 1.0.1 Copyright Orange Business Services

More information

McAfee Solidcore 5.1.0 Product Guide

McAfee Solidcore 5.1.0 Product Guide McAfee Solidcore 5.1.0 Product Guide COPYRIGHT Copyright 2010 McAfee, Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or

More information

INTEGRATION GUIDE. DIGIPASS Authentication for VMware Horizon Workspace

INTEGRATION GUIDE. DIGIPASS Authentication for VMware Horizon Workspace INTEGRATION GUIDE DIGIPASS Authentication for VMware Horizon Workspace Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained in this document is provided 'as is';

More information

Security Assertion Markup Language (SAML) Site Manager Setup

Security Assertion Markup Language (SAML) Site Manager Setup Security Assertion Markup Language (SAML) Site Manager Setup Trademark Notice Blackboard, the Blackboard logos, and the unique trade dress of Blackboard are the trademarks, service marks, trade dress and

More information

Total Protection Service

Total Protection Service User Guide McAfee Total Protection Service for Microsoft Windows Home Server COPYRIGHT Copyright 2008 McAfee, Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed,

More information

Sophos Mobile Control Installation guide. Product version: 3.5

Sophos Mobile Control Installation guide. Product version: 3.5 Sophos Mobile Control Installation guide Product version: 3.5 Document date: July 2013 Contents 1 Introduction...3 2 The Sophos Mobile Control server...4 3 Set up Sophos Mobile Control...10 4 External

More information

Installation Guide. McAfee Security for Microsoft Exchange 7.6.0 Software

Installation Guide. McAfee Security for Microsoft Exchange 7.6.0 Software Installation Guide McAfee Security for Microsoft Exchange 7.6.0 Software COPYRIGHT Copyright 2011 McAfee, Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed,

More information

Centrify Cloud Management Suite

Centrify Cloud Management Suite Centrify Cloud Management Suite Installation and Configuration Guide April 2013 Centrify Corporation Legal notice This document and the software described in this document are furnished under and are subject

More information

Installation Guide. McAfee SaaS Endpoint Protection

Installation Guide. McAfee SaaS Endpoint Protection Installation Guide McAfee SaaS Endpoint Protection COPYRIGHT Copyright 2012 McAfee, Inc. Do not copy without permission. TRADEMARK ATTRIBUTIONS McAfee, the McAfee logo, McAfee Active Protection, McAfee

More information

Siteminder Integration Guide

Siteminder Integration Guide Integrating Siteminder with SA SA - Siteminder Integration Guide Abstract The Junos Pulse Secure Access (SA) platform supports the Netegrity Siteminder authentication and authorization server along with

More information

Product Guide. McAfee SaaS Endpoint Protection (October, 2012 release)

Product Guide. McAfee SaaS Endpoint Protection (October, 2012 release) Product Guide McAfee SaaS Endpoint Protection (October, 2012 release) COPYRIGHT Copyright 2012 McAfee, Inc. Do not copy without permission. TRADEMARK ATTRIBUTIONS McAfee, the McAfee logo, McAfee Active

More information

CRM Migration Manager 3.1.1 for Microsoft Dynamics CRM. User Guide

CRM Migration Manager 3.1.1 for Microsoft Dynamics CRM. User Guide CRM Migration Manager 3.1.1 for Microsoft Dynamics CRM User Guide Revision D Issued July 2014 Table of Contents About CRM Migration Manager... 4 System Requirements... 5 Operating Systems... 5 Dynamics

More information

Configuring Parature Self-Service Portal

Configuring Parature Self-Service Portal Configuring Parature Self-Service Portal Chapter 2 The following is an overview of the steps required to configure the Parature Self-Service Portal application for single sign-on (SSO) via SAML. Parature

More information

INTEGRATION GUIDE. DIGIPASS Authentication for Salesforce using IDENTIKEY Federation Server

INTEGRATION GUIDE. DIGIPASS Authentication for Salesforce using IDENTIKEY Federation Server INTEGRATION GUIDE DIGIPASS Authentication for Salesforce using IDENTIKEY Federation Server Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained in this document is

More information

dotmailer for Salesforce Installation Guide Winter 2015 Version 2.30.1

dotmailer for Salesforce Installation Guide Winter 2015 Version 2.30.1 for Salesforce Installation Guide Winter 2015 Version 2.30.1 Page 1 CONTENTS 1 Introduction 2 Browser support 2 Self-Installation Steps 2 Checks 3 Package Download and Installation 4 Users for Email Automation

More information

Sophos Mobile Control Installation guide. Product version: 3.6

Sophos Mobile Control Installation guide. Product version: 3.6 Sophos Mobile Control Installation guide Product version: 3.6 Document date: November 2013 Contents 1 Introduction...3 2 The Sophos Mobile Control server...5 3 Set up Sophos Mobile Control...11 4 External

More information

Configuration Guide. BES12 Cloud

Configuration Guide. BES12 Cloud Configuration Guide BES12 Cloud Published: 2016-04-08 SWD-20160408113328879 Contents About this guide... 6 Getting started... 7 Configuring BES12 for the first time...7 Administrator permissions you need

More information

McAfee Risk Advisor 2.7

McAfee Risk Advisor 2.7 Getting Started Guide McAfee Risk Advisor 2.7 For use with epolicy Orchestrator 4.5 and 4.6 1 McAfee Risk Advisor 2.7 Getting Started Guide About this guide COPYRIGHT Copyright 2012 McAfee, Inc. All Rights

More information

NETWRIX EVENT LOG MANAGER

NETWRIX EVENT LOG MANAGER NETWRIX EVENT LOG MANAGER ADMINISTRATOR S GUIDE Product Version: 4.0 July/2012. Legal Notice The information in this publication is furnished for information use only, and does not constitute a commitment

More information

Managing users. Account sources. Chapter 1

Managing users. Account sources. Chapter 1 Chapter 1 Managing users The Users page in Cloud Manager lists all of the user accounts in the Centrify identity platform. This includes all of the users you create in the Centrify for Mobile user service

More information