SAML Single-Sign-On (SSO)
|
|
- Frank Stewart
- 8 years ago
- Views:
Transcription
1 C O L A B O R A T I V E I N N O V A T I O N M A N A G E M E N T Complete Feature Guide SAML Single-Sign-On (SSO)
2 1. Features This feature allows administrators to setup Single Sign-on (SSO) integration between Brightidea and a company s identity management system. It also provides tools for administrators to help support user SSO login experience. 2. Prerequisite In order to implement Single Sign-on (SSO) integration using the SAML SSO feature, the following conditions must be met: SAML 2.0 Your company s identity management system must have SAML 2.0 capability. SAML is a SSO industry standard protocol. To know more, visit: Technical Resource To setup SSO integration, you most likely need the assistants of SSO Technical Engineer from your company. 3. Feature Overview To get to the SSO feature in your Brightidea system, navigate to Enterprise Setup Authentication Tab. There you will see two sub tabs: Auth Selection & SAML Profiles. SAML SSO BRIGHTIDEA Page 2
3 3.1 Auth Selection Tab This sub-tab displays a list of authentication option available for the system. By default, it only shows two standard methods: Brightidea Login & Registration. When a SSO method added, it will show up in the list. 3.2 SAML Profiles Tab This sub-tab is where a SAML SSO method is setup. SAML 2.0 is the standard Brightidea uses for SSO integration. Tab contains four sections: Service Provider Info This section presents information of your Brightidea system as a SAML Service Provider. The information is used for SAML configuration within your company. Identity Provider Setting This section allows administrator to input information about your company as a SAML Identity Provider. Support Settings This section allows administrator to enter contact information for SSO user access support. SAML Transaction Log This section contains navigation to SSO transaction log. SAML SSO BRIGHTIDEA Page 3
4 4. Getting Started Configure a SSO method It s likely that a SSO Engineer from your company is needed for the configuration. Login as administrator, and then navigate to Enterprise Setup Authentication Tab SAML Profiles Sub-tab The first step of setup is to exchange SAML information between the Brightidea and your company s Identity Management system. 4.1 Service Provider Information In SAML SSO integration, Brightidea is the Service Provider. You can find the Server Provider information in the Service Provider Info Section. SAML SSO BRIGHTIDEA Page 4
5 Assertion Consumer Service An endpoint URL for receiving SAML Response, copy and paste it into your company s Identity Management SAML setup. If your Brightidea system has multiple domain setup, you can choose the desired endpoint URL used for the configuration. Entity ID of this System A string that uniquely identifies your Brightidea system as SAML service provider, copy and paste it into your company s Identity Management SAML setup Download Metadata Metadata is information used in the SAML protocol to identify Brightidea as a service. It defines attributes like service addresses and certificates. Download from this link and upload it into your company s Identity Management setup. 4.2 Identity Provider Information In SAML SSO integration, your company s Identity Management system is the Identity Provider. At the Identity Provider Setting section, click on Add New button to enter applicable information. We call these settings a profile. SAML SSO BRIGHTIDEA Page 5
6 SAML Profile Name Give a name to the profile. Upload Metadata This field expects a valid Identity Provider metadata. Very often, you can export this metadata from your company s Identity Management system. Once uploaded, it can auto-populate some other fields in this profile. Single Sign-on Service An endpoint URL of your company s Single Sign-on service page. It will receive Authentication Request from Brightidea. It can be auto-populated through Metadata upload. Identity Provider Issuer This field expects a string that uniquely identifies the Identity Provider. It can be auto-populated through Metadata upload. Upload Public Key This field expects certificate used for signature verification in a SAML Response. It can be autopopulated through Metadata upload. Assertion Attribute Name Mapping Brightidea Service Provider requires two assertion attributes from the Identity Provider when receiving SAML Response. SAML SSO BRIGHTIDEA Page 6
7 address of the accessing user Screen Name Display name of the accessing user. Normally, it s the user s full name. In the corresponding input field, enter the name of those attributes used in SAML Response. SAML Response example with and screen name attributes:... <saml:attribute Name="givenName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"> <saml:attributevalue xmlns:xs=" xmlns:xsi=" xsi:type="xs:string"> John Doe </saml:attributevalue> </saml:attribute> <saml:attribute Name="mail" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"> <saml:attributevalue xmlns:xs=" xmlns:xsi=" xsi:type="xs:string"> johndoe@example.com </saml:attributevalue> </saml:attribute>... On Save Changes, a new Identity Provider profile will be created. SAML SSO BRIGHTIDEA Page 7
8 5. Test it out SSO Test Run Now that an SSO profile setup, you can give it a test. But before test begins, make the following preparation: **You will need access to 2 different types of browser**, such as IE and Chrome, or Firefox and Safari. One browser is for enabling setup, the other is for testing. DO NOT attempt setup and test in the same browser. Once SSO is enabled for a system, you can no longer login using regular Brightidea login method. Before the setup is validated, you want to avoid being locked out because of failed SSO attempts. **Inform existing system user on service interruption**. If your Brightidea system is already live with regular user accessing, it s best to perform sso testing on an off hour. If your system has yet launched, be sure to notify pre-launch user on testing schedule. Follow the steps below. It uses Chrome and Firefox in the instruction. In Chrome, navigate to Enterprise Setup, then Authentication Tab Auth Selection Sub Tab. You should see a SSO profile listed under the regular Brightidea login method. Check the method and click Save Changes. This will disable the regular Brightidea login method, and allow user access through SSO only. SAML SSO BRIGHTIDEA Page 8
9 Keep the Chrome browser open, and open Firefox, then enter the Brightidea system URL in the address bar. Browser will trigger SSO by sending SAML Authentication Request to the endpoint set in the Single Sign-on field of the Identity Provider Profile Setting. The user experience at this step is dependent on your company Identity Management system setup. The screenshot below is an example of the login interface at a company s Identity Management system. Your company s interface may not look like this. SAML SSO BRIGHTIDEA Page 9
10 In this example, we assume the user have yet authenticate with your company. The browser prompts for user login. If already logged in, user may not see any browser content from your company. After authentication verified, your company s Identity Management system will send request to the Brightidea Assertion Consumer Service endpoint, passing SAML Response. This is the endpoint presented in the Service Provider Info section. If the SAML Response is valid, user will enter into the Brightidea system. SAML SSO BRIGHTIDEA Page 10
11 After login, verify user account accuracy by visiting your profile page. The key is to check whether screen name and are populated correctly. If the data looks good, that means sso integration is a success. You can then open it up for other users to test. SAML SSO BRIGHTIDEA Page 11
12 6. Customize SSO Settings A SSO integration can be customized to fit your company needs. Go to an existing profile in the Identity Provider Info section, click on the Configure Advanced Settings link, and the profile will expose more configuration options. Entity ID of this Profile Value of this field defaults to the Entity ID of this System under the Service Provider Info section. However, you can choose to set one of your own. Logout URL Enter the URL of the page that your users should land on after logout of the Brightidea system. SAML SSO BRIGHTIDEA Page 12
13 Authentication Binding Choose to send the method of how the Authentication Request is sent: POST or REDIRECT. Signed Authentication Choose signature algorithm for the Authentication Request. By default, the request XML is not signed. Create member on initial access If enabled, user account is created in Brightidea system automatically on first time access. If disabled, new users will not be able to access. Only users who have existing accounts in system (possibly from manual user import) can access. The system uses either address or value from the NameID attribute in SAML Response to verify whether a user has an account in Brightidea. If a match is found on either, that means an account already exists. Update member on subsequent access If enabled, Brightidea profile is updated from SAML Response attributes automatically for returning users. If disabled, user attributes are from SAML Response will not over-write existing user profile data in Brightidea. The system uses either address or value from the NameID attribute in SAML Response to verify whether a user has an account in Brightidea. If a match is found on either, that means an account already exists. Profile Attribute Name Mappings You can choose to send profile attributes of the login user in the SAML Response. Map the names of those attributes to the Brightidea profile fields. SAML Response example with user profile attributes: SAML SSO BRIGHTIDEA Page 13
14 ... <saml:attribute Name="Lastname" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"> <saml:attributevalue xmlns:xs=" xmlns:xsi=" xsi:type="xs:string"> Doe </saml:attributevalue> </saml:attribute> <saml:attribute Name="Jobtitle" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"> <saml:attributevalue xmlns:xs=" xmlns:xsi=" xsi:type="xs:string"> Sales </saml:attributevalue> </saml:attribute> <saml:attribute Name="Firstname" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"> <saml:attributevalue xmlns:xs=" xmlns:xsi=" xsi:type="xs:string"> John </saml:attributevalue> </saml:attribute>... Combine first and last name to create screen name Screen name is required for user access. It s normally the user s full name. If your company s Identity Management system cannot pass a screen name attribute on user SSO login, enable this option to combine value from first and last name field to create user s screen name. Group Attribute Map an attribute name from the SAML Response that contains user group value. User will be assigned to group on access. SAML Response example with group attributes: SAML SSO BRIGHTIDEA Page 14
15 ... <saml:attribute Name="groupName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"> <saml:attributevalue xmlns:xs=" xmlns:xsi=" xsi:type="xs:string"> Group A;Group B;Group C </saml:attributevalue> </saml:attribute>... Use semicolon as delimiter if passing multiple group values in the same field. On user access, new groups will be created automatically. System prepends AUTO_ in group name to differentiate these from manually created groups. The accessing user is then assigned to those groups. Photo Attribute Map an attribute name from SAML Response that contains user profile photo. Attribute must contain hex value of an image file. Image must be in.png,.jpg, or.gif format. SAML Response example with profile image attributes: SAML SSO BRIGHTIDEA Page 15
16 ... <saml:attribute Name="profile_image" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"> <saml:attributevalue xmlns:xs=" xmlns:xsi=" xsi:type="xs:string">ffd8ffe000104a ffdb a0c140d0c0b0b0c f141d1a1f1e1d1a1c1c20242e c2 31c1c c f27393d38323c2e333432ffdb c0b0c180d0d c ffc b009b ffc4001f a0bffc400b </saml:attributevalue> </saml:attribute>... On user access, the hex value will be converted to the appropriate image format, and uploaded as user profile image. 7. Support SSO Logins Brightidea system provides tools to help admin support user SSO login. 7.1 Support Setting Admin can configure contact information for accessing user in the Support Setting section. User would only be exposed to the information when a SSO login error is encountered. Name Contact name of SSO error support. Contact of SSO error support. Telephone Contact phone number of SSO error support. Send alert to Enable to receive alert when a user encounters SSO login error. Expose support info Enable to display support contact info at the SSO login error screen. SAML SSO BRIGHTIDEA Page 16
17 7.2 Transaction Log Every user access is recorded. Admin can review the records through the SAML Transaction Log. Click on the Go to SAML Transaction Log link, and the log list would display. SAML SSO BRIGHTIDEA Page 17
18 The list provides access to all SAML activities from last 30 days. Admin can sort and filter on each column in the list. Clicking on a Transaction ID opens the Transaction Detail page. SAML SSO BRIGHTIDEA Page 18
19 8. Troubleshoot an User Login Error When a user encounters SSO login error, a Reference ID would be generated. Depending on the Support Setting, system admin would receive that ID either through system generated , or direct contact by the user. Using the ID, you can troubleshoot for the cause of the issue. SAML SSO BRIGHTIDEA Page 19
20 8.1 Troubleshoot Steps Open SAML Transaction Log from Enterprise Setup Authentication Tab SAML Selection Sub-tab Locate the Reference ID column, copy the ID received from user access error, paste it under the column to filter records, then hit the Enter key. List will filter base on the ID. Once the targeted record is found, click on the Transaction ID to view detail. Check Error Message field to get information on the cause of the error. Check Request/Response XML for data exchanged at the time of the transaction between Brightidea and your company. SAML SSO BRIGHTIDEA Page 20
21 8.2 Error Message Reference Below is a list of possible error messages and what they mean. SAML 2.0 Artifact Binding is not supported The Identity Provider is set to use SAML 2.0 Artifact Binding. Brightidea SSO feature does not support this method. Please configure the Identity Provider to use POST binding. Invalid message received to AssertionConsumerService endpoint The Identity Provider had sent an invalid SAML Response value to the Brightidea. Check the transaction log detail page to see the SAML Response XML value sent. Missing <saml:issuer> in message delivered to AssertionConsumerService The SAML Response sent by Identity Provider is missing the Issuer element. Issuer is a required in the XML. Check the transaction log detail page to see the SAML Response XML value sent. The <saml:issuer> of the response does not match the identity provider we sent the request to The SAML Response sent by Identity Provider contains invalid Issuer value. The value must belong to the Identity Provider who had received authentication request from Brightidea. The required response parameter RelayState was missing An Identity Provider initiated SSO request is sent to Brightidea. The request is missing the RelayState parameter. Make sure both RelayState and SAMLResponse parameter are sent in Identity Provider initiated SSO request. No Identity Provider Profile Exists for this Issuer The SAML Response sent by Identity Provider contains invalid Issuer value. Check the value configured in the Identity provider Issuer field in the Identity Provider profile. The Issuer value in the XML must match the value configured in that field. More than one assertion in received response The SAML Response sent by Identity Provider contains multiple Assertion elements. A valid SAML Response contains only one Assertion element. Check the transaction log detail page to see the SAML Response XML value sent. Received duplicate assertion The SAML Response sent by Identity Provider contains an used Assertion. This happens when the assertion was already used for a previous user access. SAML SSO BRIGHTIDEA Page 21
22 Process Assertion: SAML Profile Not Found No SAML Profile contains the identity provider issuer found within the SAML Response. Check the value configured in the "Identity Provider Issuer" field in the SAML Profile settings. The issuer value in the XML must match the value configured in that field. Process Assertion: Destination in response doesn't match the current URL The SAML Response sent by Identity Provider contains an invalid Destination attribute value. Value should be the same as the Brightidea Assertion Consumer Service URL. Check the transaction log detail page to see the SAML Response XML value sent. Process Assertion: No assertions found in response from IdP The SAML Response sent by Identity Provider is missing Assertion element. A valid SAML Response contains an Assertion element. Check the transaction log detail page to see the SAML Response XML value sent. Process Assertion: Missing certificate in metadata This error occurs when the certificate uploaded in the Identity Provider profile setting is invalid. Process Assertion: Identity Provider Data Error: Could not find encoded certificate in file The error occurs when the SAML Profile s uploaded public key is unable to be read. Upload Public Key field requires a certificate in plain text format. Process Assertion: Neither the assertion nor the response was signed The SAML Response sent by Identity Provider is not signed. A valid signature is required in the XML. Process Assertion: Received an assertion that is valid in the future. Check clock synchronization on IdP and SP The error occurs when Identity Provider and Service Provider is not using the same time. Process Assertion: Received an assertion that has expired. Check clock synchronization on IdP and SP The error occurs when Identity Provider and Service Provider is not using the same time. Process Assertion: Received an assertion with a session that has expired. Check clock synchronization on IdP and SP The error occurs when Identity Provider and Service Provider is not using the same time. Process Assertion: Missing required <saml:authncontext> in <saml:authnstatement> The error occurs when Identity Provider sent a SAML Response with missing AuthnContext element. This SP [ ] is not a valid audience for the assertion. Candidates were: [ ] The error occurs when the entity id does not match the value found in the Audience XML attribute. SAML SSO BRIGHTIDEA Page 22
23 Create Session: Unknown error creating user An unexpected error occurred on user login. Create Session: User does not have access to this campaign or affiliate; you may need to add this user to a group or assign this user's group to the campaign. User's domain may be restricted User cannot access because of group assignment or domain restriction setting of your Brightidea system. Create Session: (Screen Name/ ) cannot be blank The error occurs when Brightidea Service Provider fails to receive valid Screen Name or value of the user from Identity provider. This could be caused by one of the reason below: Incorrect attribute mapping - Verify attribute mappings are correct at the Identity Provider Profile setting. Attribute name mappings are case sensitive. Create member on initial access is disabled User has been identified as a new user and cannot be created because of the disabled option. Failed to save member Unable to Retrieve Metadata The metadata uploaded in Identity provider setting is invalid. System Configuration Settings Not Found The error occurs when Identity Provider makes an IDP initiated request to a Brightidea system with no Identity Provider Profile setting configured. Unable to load certificate/public key The certificate/public key uploaded in Identity provider setting is invalid. Process Assertion: Missing <saml:nameid> or <saml:encryptedid> in <saml:subject> The error occurs when the NameID element is missing from SAML Response. Below is an example of the NameID element in a proper assertion. SAML SSO BRIGHTIDEA Page 23
24 9. Brightidea Mobile Access through Single Sign-On Once Single Sign-On is setup for your system, user can use it to access Brightidea mobile app. 9.1 Brightidea Mobile App In order to use Single Sign-on (SSO) for mobile access, you must obtain subscription to Brightidea Mobile app. To find out more on app subscription, please contact your Brightidea Account manager for more information. You can visit Brightidea mobile apps from links below. iphone App: Android App: SSO Logon in Mobile App Follow the steps below to access the mobile app through SSO. Download and install Brightidea Mobile app Launch the app from your device, and type in your address in input box and tab Next. SAML SSO BRIGHTIDEA Page 24
25 If SSO integration is setup correctly, the app will invoke browser within app, and redirect user to your company s user authentication page. Depending on the setup of your company s authentication service, user may or may not be prompted to enter company credential. After successful authentication, the user will be logged into the mobile application! SAML SSO BRIGHTIDEA Page 25
Single Sign-On Implementation Guide
Version 27.0: Spring 13 Single Sign-On Implementation Guide Last updated: February 1, 2013 Copyright 2000 2013 salesforce.com, inc. All rights reserved. Salesforce.com is a registered trademark of salesforce.com,
More informationEgnyte Single Sign-On (SSO) Installation for OneLogin
Egnyte Single Sign-On (SSO) Installation for OneLogin To set up Egnyte so employees can log in using SSO, follow the steps below to configure OneLogin and Egnyte to work with each other. 1. Set up OneLogin
More informationSingle Sign-On Implementation Guide
Single Sign-On Implementation Guide Salesforce, Winter 16 @salesforcedocs Last updated: November 4, 2015 Copyright 2000 2015 salesforce.com, inc. All rights reserved. Salesforce is a registered trademark
More informationThis section includes troubleshooting topics about single sign-on (SSO) issues.
This section includes troubleshooting topics about single sign-on (SSO) issues. SSO Fails After Completing Disaster Recovery Operation, page 1 SSO Protocol Error, page 1 SSO Redirection Has Failed, page
More informationSingle Sign-On Implementation Guide
Single Sign-On Implementation Guide Salesforce, Summer 15 @salesforcedocs Last updated: July 1, 2015 Copyright 2000 2015 salesforce.com, inc. All rights reserved. Salesforce is a registered trademark of
More informationSingle Sign-On Implementation Guide
Salesforce.com: Salesforce Winter '09 Single Sign-On Implementation Guide Copyright 2000-2008 salesforce.com, inc. All rights reserved. Salesforce.com and the no software logo are registered trademarks,
More informationThis chapter describes how to use the Junos Pulse Secure Access Service in a SAML single sign-on deployment. It includes the following sections:
CHAPTER 1 SAML Single Sign-On This chapter describes how to use the Junos Pulse Secure Access Service in a SAML single sign-on deployment. It includes the following sections: Junos Pulse Secure Access
More informationSingle Sign On (SSO) Implementation Manual. For Connect 5 & MyConnect Sites
Single Sign On (SSO) Implementation Manual For Connect 5 & MyConnect Sites Version 6 Release 5.7 September 2013 1 What is Blackboard Connect Single Sign On?... 3 How it Works... 3 Drawbacks to Using Single
More informationORACLE TALEO BUSINESS EDITION SINGLE SIGN ON SERVICE PROVIDER REFERENCE GUIDE RELEASE 15.A2
ORACLE TALEO BUSINESS EDITION SINGLE SIGN ON SERVICE PROVIDER REFERENCE GUIDE RELEASE 15.A2 APR. 17 TH., 2015 Part Number: E50271-02 Oracle Corporation World Headquarters 500 Oracle Parkway Redwood Shores,
More informationTo set up Egnyte so employees can log in using SSO, follow the steps below to configure VMware Horizon and Egnyte to work with each other.
w w w. e g n y t e. c o m Egnyte Single Sign-On (SSO) Installation for VMware Horizon To set up Egnyte so employees can log in using SSO, follow the steps below to configure VMware Horizon and Egnyte to
More informationConfiguring Single Sign-on from the VMware Identity Manager Service to WebEx
Configuring Single Sign-on from the VMware Identity Manager Service to WebEx VMware Identity Manager SEPTEMBER 2015 V 2 Configuring Single Sign-On from VMware Identity Manager to WebEx Table of Contents
More informationSAP Cloud Identity Service Document Version: 1.0 2014-09-01. SAP Cloud Identity Service
Document Version: 1.0 2014-09-01 Content 1....4 1.1 Release s....4 1.2 Product Overview....8 Product Details.... 9 Supported Browser Versions....10 Supported Languages....12 1.3 Getting Started....13 1.4
More informationCA Nimsoft Service Desk
CA Nimsoft Service Desk Single Sign-On Configuration Guide 6.2.6 This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the Documentation
More informationConfiguring ADFS 3.0 to Communicate with WhosOnLocation SAML
Configuring ADFS 3.0 to Communicate with WhosOnLocation SAML --------------------------------------------------------------------------------------------------------------------------- Contents Overview...
More informationZendesk SSO with Cloud Secure using MobileIron MDM Server and Okta
Zendesk SSO with Cloud Secure using MobileIron MDM Server and Okta Configuration Guide Product Release Document Revisions Published Date 1.0 1.0 May 2016 Pulse Secure, LLC 2700 Zanker Road, Suite 200 San
More informationEgnyte Single Sign-On (SSO) Installation for Okta
w w w. e g n y t e. c o m Egnyte Single Sign-On (SSO) Installation for Okta To set up Egnyte so employees can log in using SSO, follow the steps below to configure Okta and Egnyte to work with each other.
More informationADFS Integration Guidelines
ADFS Integration Guidelines Version 1.6 updated March 13 th 2014 Table of contents About This Guide 3 Requirements 3 Part 1 Configure Marcombox in the ADFS Environment 4 Part 2 Add Relying Party in ADFS
More informationOnly LDAP-synchronized users can access SAML SSO-enabled web applications. Local end users and applications users cannot access them.
This chapter provides information about the Security Assertion Markup Language (SAML) Single Sign-On feature, which allows administrative users to access certain Cisco Unified Communications Manager and
More informationStep-by-Step guide for SSO from MS Sharepoint 2010 to SAP EP 7.0x
Step-by-Step guide for SSO from MS Sharepoint 2010 to SAP EP 7.0x Sverview Trust between SharePoint 2010 and ADFS 2.0 Use article Federated Collaboration with Shibboleth 2.0 and SharePoint 2010 Technologies
More informationConfiguring Single Sign-On from the VMware Identity Manager Service to Office 365
Configuring Single Sign-On from the VMware Identity Manager Service to Office 365 VMware Identity Manager JULY 2015 V1 Table of Contents Overview... 2 Passive and Active Authentication Profiles... 2 Adding
More informationConfiguring Single Sign-on from the VMware Identity Manager Service to AirWatch Applications
Configuring Single Sign-on from the VMware Identity Manager Service to AirWatch Applications VMware Identity Manager AUGUST 2015 V1 Configuring Single Sign-On from VMware Identity Manager to AirWatch Applications
More informationImplementation Guide SAP NetWeaver Identity Management Identity Provider
Implementation Guide SAP NetWeaver Identity Management Identity Provider Target Audience Technology Consultants System Administrators PUBLIC Document version: 1.10 2011-07-18 Document History CAUTION Before
More informationCopyright Pivotal Software Inc, 2013-2015 1 of 10
Table of Contents Table of Contents Getting Started with Pivotal Single Sign-On Adding Users to a Single Sign-On Service Plan Administering Pivotal Single Sign-On Choosing an Application Type 1 2 5 7 10
More informationIBM WebSphere Application Server
IBM WebSphere Application Server SAML 2.0 web single-sign-on 2012 IBM Corporation This presentation describes support for SAML 2.0 web browser Single Sign On profile included in IBM WebSphere Application
More informationAn overview of configuring WebEx for single sign-on. To configure the WebEx application for single-sign on from the cloud service (an overview)
Chapter 190 WebEx This chapter includes the following sections: "An overview of configuring WebEx for single sign-on" on page 190-1600 "Configuring WebEx for SSO" on page 190-1601 "Configuring WebEx in
More informationSAM Context-Based Authentication Using Juniper SA Integration Guide
SAM Context-Based Authentication Using Juniper SA Integration Guide Revision A Copyright 2012 SafeNet, Inc. All rights reserved. All attempts have been made to make the information in this document complete
More informationSAP NetWeaver Fiori. For more information, see "Creating and enabling a trusted provider for Centrify" on page 108-10.
Chapter 108 Configuring SAP NetWeaver Fiori The following is an overview of the steps required to configure the SAP NetWeaver Fiori Web application for single sign-on (SSO) via SAML. SAP NetWeaver Fiori
More informationConfiguring SAML2 for Single Sign-On to Smartsheet (Enterprise Only)
Configuring SAML2 for Single Sign-On to Smartsheet (Enterprise Only) This document is intended for technical professionals who are familiar with SAML and have access to the Identity Provider that will
More informationGetting Started with Single Sign-On
Getting Started with Single Sign-On I. Introduction NobleHour sets out to incentivize civic engagement by enabling users within companies, educational institutions, and organizations to conduct and coordinate
More informationAn overview of configuring WebEx for single sign-on. To configure the WebEx application for single-sign on from the cloud service (an overview)
Chapter 83 WebEx This chapter includes the following sections: An overview of configuring WebEx for single sign-on Configuring WebEx for SSO Configuring WebEx in Cloud Manager For more information about
More informationMcAfee Cloud Identity Manager
SAML2 Cloud Connector Guide McAfee Cloud Identity Manager version 1.2 or later COPYRIGHT Copyright 2013 McAfee, Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed,
More informationOneLogin Integration User Guide
OneLogin Integration User Guide Table of Contents OneLogin Account Setup... 2 Create Account with OneLogin... 2 Setup Application with OneLogin... 2 Setup Required in OneLogin: SSO and AD Connector...
More informationConfiguring Single Sign-on from the VMware Identity Manager Service to ServiceNow
Configuring Single Sign-on from the VMware Identity Manager Service to ServiceNow VMware Identity Manager AUGUST 2015 V1 Configuring Single Sign-On from VMware Identity Manager to ServiceNow Table of Contents
More informationNational Identity Exchange Federation. Web Browser User-to-System Profile. Version 1.0
National Identity Exchange Federation Web Browser User-to-System Profile Version 1.0 August 18, 2014 Table of Contents TABLE OF CONTENTS 1 1. TARGET AUDIENCE AND PURPOSE 2 2. TERMINOLOGY 2 3. REFERENCES
More informationConfiguring SuccessFactors
Chapter 117 Configuring SuccessFactors The following is an overview of the steps required to configure the SuccessFactors Enterprise Edition Web application for single sign-on (SSO) via SAML. SuccessFactors
More informationFeide Technical Guide. Technical details for integrating a service into Feide
Feide Technical Guide Technical details for integrating a service into Feide May 2015 Document History Version Date Initials Comments 1.0 Nov 2009 TG First issue 1.2 Nov 2009 TG Added SLO description 1.3
More informationTIB 2.0 Administration Functions Overview
TIB 2.0 Administration Functions Overview Table of Contents 1. INTRODUCTION 4 1.1. Purpose/Background 4 1.2. Definitions, Acronyms and Abbreviations 4 2. OVERVIEW 5 2.1. Overall Process Map 5 3. ADMINISTRATOR
More informationPingFederate. Salesforce Connector. Quick Connection Guide. Version 4.1
PingFederate Salesforce Connector Version 4.1 Quick Connection Guide 2011 Ping Identity Corporation. All rights reserved. PingFederate Salesforce Quick Connection Guide Version 4.1 June, 2011 Ping Identity
More informationConfiguring. Moodle. Chapter 82
Chapter 82 Configuring Moodle The following is an overview of the steps required to configure the Moodle Web application for single sign-on (SSO) via SAML. Moodle offers SP-initiated SAML SSO only. 1 Prepare
More informationConfiguring SAML2 for Single Sign-On to Smartsheet (Enterprise Only)
Configuring SAML2 for Single Sign-On to Smartsheet (Enterprise Only) This document is intended for technical professionals who are familiar with SAML and have access to the Identity Provider that will
More informationSalesForce SSO with Active Directory Federated Services (ADFS) v2.0 Authenticating Users Using SecurAccess Server by SecurEnvoy
SalesForce SSO with Active Directory Federated Services (ADFS) v2.0 Authenticating Users Using SecurAccess Server by SecurEnvoy Contact information SecurEnvoy www.securenvoy.com 0845 2600010 Merlin House
More informationTenrox. Single Sign-On (SSO) Setup Guide. January, 2012. 2012 Tenrox. All rights reserved.
Tenrox Single Sign-On (SSO) Setup Guide January, 2012 2012 Tenrox. All rights reserved. About this Guide This guide provides a high-level technical overview of the Tenrox Single Sign-On (SSO) architecture,
More informationConnected Data. Connected Data requirements for SSO
Chapter 40 Configuring Connected Data The following is an overview of the steps required to configure the Connected Data Web application for single sign-on (SSO) via SAML. Connected Data offers both IdP-initiated
More informationUsing SAML for Single Sign-On in the SOA Software Platform
Using SAML for Single Sign-On in the SOA Software Platform SOA Software Community Manager: Using SAML on the Platform 1 Policy Manager / Community Manager Using SAML for Single Sign-On in the SOA Software
More informationConfiguring Salesforce
Chapter 94 Configuring Salesforce The following is an overview of how to configure the Salesforce.com application for singlesign on: 1 Prepare Salesforce for single sign-on: This involves the following:
More informationHOTPin Integration Guide: Salesforce SSO with Active Directory Federated Services
1 HOTPin Integration Guide: Salesforce SSO with Active Directory Federated Services Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained in this document is provided
More informationFairsail. Implementer. Single Sign-On with Fairsail and Microsoft Active Directory Federation Services 2.0. Version 1.92 FS-SSO-XXX-IG-201406--R001.
Fairsail Implementer Microsoft Active Directory Federation Services 2.0 Version 1.92 FS-SSO-XXX-IG-201406--R001.92 Fairsail 2014. All rights reserved. This document contains information proprietary to
More informationNet 2. NetApp Electronic Library. User Guide for Net 2 Client Version 6.0a
Net 2 NetApp Electronic Library User Guide for Net 2 Client Version 6.0a Table of Contents 1 INTRODUCTION AND KEY FEATURES... 3 SOME OF THE KEY FEATURES INCLUDE:... 3 INSTALLATION PREREQUISITES:... 3 2
More informationSAML 2.0 Configurations at SAP NetWeaver AS ABAP and Microsoft ADFS
SAML 2.0 Configurations at SAP NetWeaver AS ABAP and Microsoft ADFS Applies to: SAP Gateway 2.0 Summary This guide describes how you install and configure SAML 2.0 on Microsoft ADFS server and SAP NetWeaver
More informationSAP NetWeaver AS Java
Chapter 75 Configuring SAP NetWeaver AS Java SAP NetWeaver Application Server ("AS") Java (Stack) is one of the two installation options of SAP NetWeaver AS. The other option is the ABAP Stack, which is
More informationAuthentication Methods
Authentication Methods Overview In addition to the OU Campus-managed authentication system, OU Campus supports LDAP, CAS, and Shibboleth authentication methods. LDAP users can be configured through the
More informationIAM Application Integration Guide
IAM Application Integration Guide Date 03/02/2015 Version 0.1 DOCUMENT INFORMATIE Document Title IAM Application Integration Guide File Name IAM_Application_Integration_Guide_v0.1_SBO.docx Subject Document
More informationGetting Started with AD/LDAP SSO
Getting Started with AD/LDAP SSO Active Directory and LDAP single sign- on (SSO) with Syncplicity Business Edition accounts allows companies of any size to leverage their existing corporate directories
More informationConfiguring EPM System 11.1.2.1 for SAML2-based Federation Services SSO
Configuring EPM System 11.1.2.1 for SAML2-based Federation Services SSO Scope... 2 Prerequisites Tasks... 2 Procedure... 2 Step 1: Configure EPM s WebLogic domain for SP Federation Services... 2 Step 2:
More informationConfiguring. SuccessFactors. Chapter 67
Chapter 67 Configuring SuccessFactors The following is an overview of the steps required to configure the SuccessFactors Enterprise Edition Web application for single sign-on (SSO) via SAML. SuccessFactors
More informationT his feature is add-on service available to Enterprise accounts.
SAML Single Sign-On T his feature is add-on service available to Enterprise accounts. Are you already using an Identity Provider (IdP) to manage logins and access to the various systems your users need
More informationFor details about using automatic user provisioning with Salesforce, see Configuring user provisioning for Salesforce.
Chapter 41 Configuring Salesforce The following is an overview of how to configure the Salesforce.com application for singlesign on: 1 Prepare Salesforce for single sign-on: This involves the following:
More informationVMware Identity Manager Administration
VMware Identity Manager Administration VMware Identity Manager 2.4 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new
More informationSingle Sign On for ShareFile with NetScaler. Deployment Guide
Single Sign On for ShareFile with NetScaler Deployment Guide This deployment guide focuses on defining the process for enabling Single Sign On into Citrix ShareFile with Citrix NetScaler. Table of Contents
More informationEgnyte Single Sign-On (SSO) Configuration for Active Directory Federation Services (ADFS)
w w w. e g n y t e. c o m Egnyte Single Sign-On (SSO) Configuration for Active Directory Federation Services (ADFS) To set up ADFS so that your employees can access Egnyte using their ADFS credentials,
More informationAdd Microsoft Azure as the Federated Authenticator in WSO2 Identity Server
Add Microsoft Azure as the Federated Authenticator in WSO2 Identity Server This blog will explain how to use Microsoft Azure as a Federated Authenticator for WSO2 Identity Server 5.0.0. In this example
More informationSAML Authentication Quick Start Guide
SAML Authentication Quick Start Guide Powerful Authentication Management for Service Providers and Enterprises Authentication Service Delivery Made EASY Copyright 2013 SafeNet, Inc. All rights reserved.
More informationIMPLEMENTING SINGLE SIGN- ON USING SAML 2.0 ON JUNIPER NETWORKS MAG SERIES JUNOS PULSE GATEWAYS
APPLICATION NOTE IMPLEMENTING SINGLE SIGN- ON USING SAML 2.0 ON JUNIPER NETWORKS MAG SERIES JUNOS PULSE GATEWAYS SAML 2.0 combines encryption and digital signature verification across resources for a more
More informationMcAfee Cloud Identity Manager
Salesforce Cloud Connector Guide McAfee Cloud Identity Manager version 1.1 or later COPYRIGHT Copyright 2013 McAfee, Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted,
More informationHow To Use Saml 2.0 Single Sign On With Qualysguard
QualysGuard SAML 2.0 Single Sign-On Technical Brief Introduction Qualys provides its customer the option to use SAML 2.0 Single Sign On (SSO) authentication with their QualysGuard subscription. When implemented,
More informationHow To Get A Certificate From Digicert On A Pc Or Mac Or Mac (For Pc Or Ipa) On A Mac Or Ipad (For Mac) On Pc Or Pc Or Pb (For Ipa Or Mac) For Free
DigiCert User Guide Version 3.7 Contents 1 User Management... 7 1.1 Roles and Account Access... 7 1.1.1 Administrator Role... 7 1.1.2 User Role... 7 1.1.3 CS Verified User... 7 1.1.4 EV Verified User...
More informationUser Guide. Version R91. English
AuthAnvil User Guide Version R91 English August 25, 2015 Agreement The purchase and use of all Software and Services is subject to the Agreement as defined in Kaseya s Click-Accept EULATOS as updated from
More informationPingFederate. Windows Live Cloud Identity Connector. User Guide. Version 1.0
Windows Live Cloud Identity Connector Version 1.0 User Guide 2011 Ping Identity Corporation. All rights reserved. Windows Live Cloud Identity Connector User Guide Version 1.0 April, 2011 Ping Identity
More informationConfiguring Parature Self-Service Portal
Configuring Parature Self-Service Portal Chapter 2 The following is an overview of the steps required to configure the Parature Self-Service Portal application for single sign-on (SSO) via SAML. Parature
More informationSP-initiated SSO for Smartsheet is automatically enabled when the SAML feature is activated.
Chapter 87 Configuring Smartsheet The following is an overview of the steps required to configure the Smartsheet Web application for single sign-on (SSO) via SAML. Smartsheet offers both IdP-initiated
More informationConfiguring Single Sign-on from the VMware Identity Manager Service to Dropbox
Configuring Single Sign-on from the VMware Identity Manager Service to Dropbox VMware Identity Manager SEPTEMBER 2015 V1 Configuring Single Sign-On from VMware Identity Manager to Dropbox Table of Contents
More informationConfiguring SAML2 for Single Sign On to Smartsheet (Enterprise Only)
Configuring SAML2 for Single Sign On to Smartsheet (Enterprise Only) This document is intended for technical professionals who are familiar with SAML and have access to the Identity Provider that will
More informationHP Software as a Service. Federated SSO Guide
HP Software as a Service Federated SSO Guide Document Release Date: July 2014 Legal Notices Warranty The only warranties for HP products and services are set forth in the express warranty statements accompanying
More informationCopyright: WhosOnLocation Limited
How SSO Works in WhosOnLocation About Single Sign-on By default, your administrators and users are authenticated and logged in using WhosOnLocation s user authentication. You can however bypass this and
More informationDell One Identity Cloud Access Manager 8.0.1 - How to Configure for SSO to SAP NetWeaver using SAML 2.0
Dell One Identity Cloud Access Manager 8.0.1 - How to Configure for SSO to SAP NetWeaver using SAML 2.0 May 2015 About this guide Prerequisites and requirements NetWeaver configuration Legal notices About
More informationDocuSign Single Sign On Implementation Guide Published: March 17, 2016
DocuSign Single Sign On Implementation Guide Published: March 17, 2016 Copyright Copyright 2003-2016 DocuSign, Inc. All rights reserved. For information about DocuSign trademarks, copyrights and patents
More informationStandalone SAML Attribute Authority With Shibboleth
CESNET Technical Report 5/2013 Standalone SAML Attribute Authority With Shibboleth IVAN NOVAKOV Received 10. 12. 2013 Abstract The article defines what a standalone attribute authority is and how it can
More informationINUVIKA OPEN VIRTUAL DESKTOP ENTERPRISE
INUVIKA OPEN VIRTUAL DESKTOP ENTERPRISE SAML 2.0 CONFIGURATION GUIDE Roy Heaton David Pham-Van Version 1.1 Published March 23, 2015 This document describes how to configure OVD to use SAML 2.0 for user
More informationINTEGRATE SALESFORCE.COM SINGLE SIGN-ON WITH THIRD-PARTY SINGLE SIGN-ON USING SENTRY A GUIDE TO SUCCESSFUL USE CASE
INTEGRATE SALESFORCE.COM SINGLE SIGN-ON WITH THIRD-PARTY SINGLE SIGN-ON USING SENTRY A GUIDE TO SUCCESSFUL USE CASE Legal Marks No portion of this document may be reproduced or copied in any form, or by
More informationOIOSAML 2.0 Toolkits Test results May 2009
OIOSAML 2.0 Toolkits Test results May 2009 5. September 2008 - Søren Peter Nielsen: - Lifted and modified from http://docs.google.com/a/nemsso.info/doc?docid=dfxj3xww_7d9xdf7gz&hl=en by Joakim Recht 12.
More informationSingle Sign-on to Salesforce.com with CA Federation Manager
TECHNOLOGY BRIEF: SINGLE SIGN-ON TO SALESFORCE.COM WITH CA FEDERATION MANAGER Single Sign-on to Salesforce.com with CA Federation Manager TOMMY CHENG, PRINCIPAL ENGINEERING SERVICES ARCHITECT, CA PETER
More informationIntroduction to Directory Services
Introduction to Directory Services Overview This document explains how AirWatch integrates with your organization's existing directory service such as Active Directory, Lotus Domino and Novell e-directory
More informationDEPLOYMENT GUIDE. SAML 2.0 Single Sign-on (SSO) Deployment Guide with Ping Identity
DEPLOYMENT GUIDE SAML 2.0 Single Sign-on (SSO) Deployment Guide with Ping Identity Table of Contents SAML Overview...3 Integration Topology...3 Deployment Requirements...4 Configuration Steps...4 Step
More informationIntegration Guide. SafeNet Authentication Service. Using SAS as an Identity Provider for Salesforce
SafeNet Authentication Service Integration Guide Technical Manual Template Release 1.0, PN: 000-000000-000, Rev. A, March 2013, Copyright 2013 SafeNet, Inc. All rights reserved. 1 Document Information
More informationAVG Business SSO Partner Getting Started Guide
AVG Business SSO Partner Getting Started Guide Table of Contents Overview... 2 Getting Started... 3 Web and OS requirements... 3 Supported web and device browsers... 3 Initial Login... 4 Navigation in
More informationHatco Lead Management System: http://hatco.scangroup.net/
Hatco Lead Management System User Guide General Notes: The Hatco Lead Management System (HLMS) is designed to work with modern web browsers, such as Internet Explorer 9 or newer, Firefox, Chrome & Safari.
More informationAdvanced Configuration Administration Guide
Advanced Configuration Administration Guide Active Learning Platform October 2015 Table of Contents Configuring Authentication... 1 PingOne... 1 LMS... 2 Configuring PingOne Authentication... 3 Before
More informationActive Directory Integration. Documentation. http://mid.as/ldap v1.02. making your facilities work for you!
Documentation http://mid.as/ldap v1.02 making your facilities work for you! Table of Contents Table of Contents... 1 Overview... 2 Pre-Requisites... 2 MIDAS... 2 Server... 2 AD Users... 3 End Users...
More informationSecurity Assertion Markup Language (SAML) Site Manager Setup
Security Assertion Markup Language (SAML) Site Manager Setup Trademark Notice Blackboard, the Blackboard logos, and the unique trade dress of Blackboard are the trademarks, service marks, trade dress and
More informationConfiguring Sponsor Authentication
CHAPTER 4 Sponsors are the people who use Cisco NAC Guest Server to create guest accounts. Sponsor authentication authenticates sponsor users to the Sponsor interface of the Guest Server. There are five
More informationCloud Single Sign-On and On-Premise Identity Federation with SAP NetWeaver Cloud White Paper
Cloud Single Sign-On and On-Premise Identity Federation with SAP NetWeaver Cloud White Paper TABLE OF CONTENTS INTRODUCTION... 3 Where we came from... 3 The User s Dilemma with the Cloud... 4 The Administrator
More informationqliqdirect Active Directory Guide
qliqdirect Active Directory Guide qliqdirect is a Windows Service with Active Directory Interface. qliqdirect resides in your network/server and communicates with qliqsoft cloud servers securely. qliqdirect
More informationAn overview of configuring Intacct for single sign-on. To configure the Intacct application for single-sign on (an overview)
Chapter 94 Intacct This section contains the following topics: "An overview of configuring Intacct for single sign-on" on page 94-710 "Configuring Intacct for SSO" on page 94-711 "Configuring Intacct in
More informationSSO Plugin. Case study: Integrating with Ping Federate. J System Solutions. http://www.javasystemsolutions.com. Version 4.0
SSO Plugin Case study: Integrating with Ping Federate J System Solutions Version 4.0 JSS SSO Plugin v4.0 Release notes Introduction... 3 Ping Federate Service Provider configuration... 4 Assertion Consumer
More informationChapter 10 Encryption Service
Chapter 10 Encryption Service The Encryption Service feature works in tandem with Dell SonicWALL Email Security as a Software-as-a-Service (SaaS), which provides secure data mail delivery solutions. The
More informationSAML Authentication with BlackShield Cloud
SAML Authentication with BlackShield Cloud Powerful Authentication Management for Service Providers and Enterprises Version 3.1 Authentication Service Delivery Made EASY Copyright Copyright 2011. CRYPTOCARD
More informationSAML 2.0 SSO Deployment with Okta
SAML 2.0 SSO Deployment with Okta Simplify Network Authentication by Using Thunder ADC as an Authentication Proxy DEPLOYMENT GUIDE Table of Contents Overview...3 The A10 Networks SAML 2.0 SSO Deployment
More informationAmeritas Single Sign-On (SSO) and Enterprise SAML Standard. Architectural Implementation, Patterns and Usage Guidelines
Ameritas Single Sign-On (SSO) and Enterprise SAML Standard Architectural Implementation, Patterns and Usage Guidelines 1 Background and Overview... 3 Scope... 3 Glossary of Terms... 4 Architecture Components...
More information365 Services. 1.1 Configuring Access Manager. 1.1.1 Prerequisite. 1.1.2 Adding the Office 365 Metadata. docsys (en) 2 August 2012
1 1Configuring Single Sign-On For Office 365 Services NetIQ Access Manager is compatible with Office 365 and provides single sign on access to Office 365 services. Single sign on access is supported for
More informationINTEGRATION GUIDE. DIGIPASS Authentication for Salesforce using IDENTIKEY Federation Server
INTEGRATION GUIDE DIGIPASS Authentication for Salesforce using IDENTIKEY Federation Server Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained in this document is
More information