Configuring Parature Self-Service Portal




Chapter 2

The following is an overview of the steps required to configure the Parature Self-Service Portal application for single sign-on (SSO) via SAML. Parature Self-Service Portal offers SP-initiated SAML SSO (for SSO access directly through the Parature Self-Service Portal web application).

1. Prepare for Parature Self-Service Portal single sign-on (see "Parature Self-Service Portal requirements for SSO").

2. In the Samsung Admin Portal, add the application and configure application settings. Once the application settings are configured, complete the user account mapping and assign the application to one or more roles. For details, see "Configuring Parature Self-Service Portal in Admin Portal".

3. Configure the Parature Self-Service Portal application for single sign-on. To configure Parature Self-Service Portal for SSO, copy settings from the Application Settings page in the Samsung Cloud Manager, and paste them into fields on the Parature Self-Service Portal website. For details, see "Configuring Parature Self-Service Portal on its web site".

After you are done configuring the application settings in the Admin Portal and the Parature Self-Service Portal application, users are ready to launch the application from the Samsung SDS CellWe EMM user portal.

Preparing for Configuration

Parature Self-Service Portal requirements for SSO

Before you configure the Parature Self-Service Portal server for SSO, you need the following:

- An active Parature Service Desk account (SSO to Parature Self-Service Portal is configured here) with administrator rights for your organization.
- A Parature Self-Service Portal account.
- A signed certificate. You can either download one from Admin Portal or use your organization's trusted certificate.

Setting up the certificates for SSO

To establish a trusted connection between the web application and the cloud service, you need to have the same signing certificate in both the application and the application settings in Admin Portal.

If you use your own certificate, you upload the signing certificate and its private key in a .pfx or .p12 file to the application settings in Admin Portal. You also upload the public key certificate in a .cer or .pem file to the web application.

To download an application certificate from Admin Portal (overview):

1. In the Apps page, add the application.
2. Click the application to open the application details.
3. In the Application Settings tab, click Download Signing Certificate to download and save the certificate.

What you need to know about Parature Self-Service Portal

Each SAML application is different. The following table lists features and functionality specific to Parature Self-Service Portal.

| Capability | Supported? | Support details |
|---|---|---|
| Web browser client | Yes | |
| Mobile client | No | |
| SAML 2.0 | Yes | |
| SP-initiated SSO | Yes | |
| IdP-initiated SSO | No | |
| Force user login via SSO only | No | |
| Separate administrator login after SSO is enabled (back door login) | No | |
| User or Administrator account lockout risk | No | |
| Automatic user provisioning | Yes | Parature Self-Service Portal supports Just-In-Time User Provisioning. |
| Multiple User types | No | |
| Self-service password | Yes | Users can set their passwords on the My Profile page. |
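The requirement under "Setting up the certificates for SSO", that both sides hold the same signing certificate, can be checked before upload by comparing certificate fingerprints and the expiry date. The script below is an added example, not part of the original guide; it needs the openssl command-line tool, and the file names, the password "constructed" and the throwaway certificates it generates are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example: confirm that the .pfx/.p12 uploaded to Admin Portal and the
# .cer/.pem given to the web application carry the same signing certificate.

# SHA-256 fingerprint of the leaf certificate inside a PKCS#12 archive.
# (OpenSSL 3.x may need -legacy for archives encrypted with old RC2/3DES defaults.)
cert_fp_from_pfx() {    # usage: cert_fp_from_pfx FILE PASSWORD
    openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys -clcerts 2>/dev/null |
        openssl x509 -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

# SHA-256 fingerprint of a certificate file; tries PEM, then DER (.cer is often DER).
cert_fp_from_file() {   # usage: cert_fp_from_file FILE
    { openssl x509 -in "$1" -inform PEM -noout -fingerprint -sha256 2>/dev/null ||
      openssl x509 -in "$1" -inform DER -noout -fingerprint -sha256 2>/dev/null; } |
        cut -d= -f2
}

# Exit 0 only when both fingerprints exist and are identical. An unreadable
# archive or a wrong password gives an empty fingerprint, which must not "match".
same_signing_cert() {   # usage: same_signing_cert PFX PASSWORD CERTFILE
    pfx_fp=$(cert_fp_from_pfx "$1" "$2")
    app_fp=$(cert_fp_from_file "$3")
    [ -n "$pfx_fp" ] && [ -n "$app_fp" ] && [ "$pfx_fp" = "$app_fp" ]
}

# Exit 0 if the certificate in the archive is still valid DAYS days from now.
pfx_cert_valid_for() {  # usage: pfx_cert_valid_for PFX PASSWORD DAYS
    openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys -clcerts 2>/dev/null |
        openssl x509 -noout -checkend "$(( $3 * 86400 ))" >/dev/null 2>&1
}

# Build constructed test material in DIR: a throwaway self-signed certificate
# packaged as signing.pfx, its DER and PEM exports, and an unrelated other.pem.
make_demo_material() {  # usage: make_demo_material DIR
    ( cd "$1" &&
      openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
          -subj "/CN=constructed-sso-signing" \
          -keyout key.pem -out signing.pem 2>/dev/null &&
      openssl pkcs12 -export -inkey key.pem -in signing.pem \
          -out signing.pfx -passout pass:constructed &&
      openssl x509 -in signing.pem -outform DER -out signing.cer &&
      openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
          -subj "/CN=constructed-other" \
          -keyout other.key -out other.pem 2>/dev/null )
}

# Demonstration on the constructed files only.
demo_dir=$(mktemp -d)
make_demo_material "$demo_dir"
for f in signing.cer signing.pem other.pem; do
    if same_signing_cert "$demo_dir/signing.pfx" constructed "$demo_dir/$f"
    then echo "$f: matches signing.pfx"
    else echo "$f: DIFFERENT certificate, do not upload with this archive"
    fi
done
rm -rf "$demo_dir"
```

With real files, call same_signing_cert with the path of the archive, its password and the certificate file intended for the web application, and run pfx_cert_valid_for to catch a certificate that is close to expiry.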

Configuring Parature Self-Service Portal in Admin Portal

Tip: It is helpful to open the Parature Service Desk web application SSO End Points page and the Samsung Admin Portal Application Settings window simultaneously to copy and paste settings between the two browser windows. For information on how to access the Parature Service Desk web application SSO End Points page, see "Configuring Parature Self-Service Portal on its web site".

To add and configure the Parature Self-Service Portal application in Admin Portal:

1. In Admin Portal, click Apps.

2. Click Add Web Apps. The Add Web Apps screen appears.

3. On the Search tab, enter the partial or full application name in the Search field and click the search icon.

4. Next to the application, click Add.

5. In the Add Web App screen, click Yes to confirm. Admin Portal adds the application.

6. Click Close to exit the Application Catalog. The application that you just added opens to the Application Settings page.

7. Copy the IdP Metadata URL and send it to your Parature Self-Service Portal Customer Success Manager (CSM).

8. Copy the SSO Connection Id (Entity Id). You need this information to configure the SSO End Point in Parature Service Desk, as described in Step 3 of "Configuring Parature Self-Service Portal on its web site".

9. Enter the SP Entity ID (provided by your Parature CSM).

10. On the Application Settings page, expand the Additional Options section and specify the following settings:

    Option: Application ID
    Description: Configure this field if you are deploying a mobile application that uses the Samsung mobile SDK, for example mobile applications that are deployed into a Samsung KNOX version 1 container. The cloud service uses the Application ID to provide single sign-on to mobile applications. Note the following:
    - The Application ID has to be the same as the text string that is specified as the target in the code of the mobile application written using the mobile SDK. If you change the name of the web application that corresponds to the mobile application, you need to enter the original application name in the Application ID field.
    - There can only be one SAML application deployed with the name used by the mobile application.
    - The Application ID is case-sensitive and can be any combination of letters, numbers, spaces, and special characters up to 256 characters.

    Option: Show in User app list
    Description: Select Show in User app list to display this web application in the user portal. (This option is selected by default.) If this web application is added only to provide SAML for a corresponding mobile app, deselect this option so the web application won't display for users in the user portal.

    Option: Security Certificate
    Description: These settings specify the security certificate used for secure SSO authentication between the cloud service and the web application. Select an option to change the security certificate.
    - Use existing certificate displays beneath it the certificate currently in use. The Download button below the certificate name downloads the current certificate through your web browser to your computer so you can supply the certificate to the web application during SSO configuration. It's not necessary to select this option; it's present to display current status.
    - Use the default tenant signing certificate selects the cloud service standard certificate for use. This is the default setting.
    - Use a certificate with a private key (pfx file) from your local storage selects any certificate you want to supply, typically your organization's own certificate. To use this selection, you must click Browse to upload an archive file (.p12 or .pfx extension) that contains the certificate along with its private key. If the file has a password, you must enter it when prompted.

11. (Optional) On the Description page, you can change the name, description, and logo for the application. For some applications, the name cannot be modified.

    The Category field specifies the default grouping for the application in the user portal. Users have the option to create a tag that overrides the default grouping in the user portal.

12. On the User Access page, select the role(s) that represent the users and groups that have access to the application. When assigning an application to a role, select either Automatic Install or Optional Install:
    - Select Automatic Install for applications that you want to appear automatically for users.
    - If you select Optional Install, the application doesn't automatically appear in the user portal and users have the option to add the application.

13. (Optional) On the Policy page, specify additional authentication control for this application. You can select one or both of the following settings:
    - Restrict app to clients within the Corporate IP Range: Select this option to prevent users outside the company intranet from launching this application. To use this option, you must also specify which IP addresses are considered as your intranet by specifying the Corporate IP range in Settings > Corporate IP Range.
    - Require Strong Authentication: Select this option to force users to authenticate using additional, stronger authentication mechanisms when launching an application. Specify these mechanisms in Policy > Add Policy Set > Account Security Policies > Authentication.

    You can also include JavaScript code to identify specific circumstances when you want to block an application or you want to require additional authentication methods. For details, see Specifying application access policies with JavaScript.

14. On the Account Mapping page, configure how the login information is mapped to the application's user accounts. The options are as follows:
    - Use the following Directory Service field to supply the user name: Use this option if the user accounts are based on user attributes. For example, specify an Active Directory field such as mail or userPrincipalName or a similar field from the Samsung SDS CellWe EMM user service.
    - Everybody shares a single user name: Use this option if you want to share access to an account but not share the user name and password. For example, some people share an application developer account.
    - Use Account Mapping Script: You can customize the user account mapping here by supplying a custom JavaScript script. For example, you could use the following line as a script:

          LoginUser.Username = LoginUser.Get('mail')+'.ad';

      The above script instructs the cloud service to set the login user name to the user's mail attribute value in Active Directory and add .ad to the end. So, if the user's mail attribute value is Adele.Darwin@acme.com then the cloud service uses Adele.Darwin@acme.com.ad. For more information about writing a script to map user accounts, see the SAML application scripting guide.

15. (Optional) On the Advanced page, you can edit the script that generates the SAML assertion, if needed. In most cases, you don't need to edit this script. For more information, see the SAML application scripting guide.

    Note: On the Changelog page, you can see recent changes that have been made to the application settings, by date, user, and the type of change that was made.

16. Click Workflow to set up a request and approval work flow for this application. See Configuring Workflow for more information.

17. Click Save.

After configuring the application settings (including the role assignment) and the application's web site, you're ready for users to launch the application from the user portal.

Configuring Parature Self-Service Portal on its web site

To configure Parature Self-Service Portal for SSO:

1. In your web browser, log in to Parature Service Desk as an Account Administrator, also called a System Administrator.

2. Select Setup > Portal > SSO End Points, then click New Portal End Point.

3. Complete the following fields on the New Portal End Point page.

   Field: Name
   Set it to: Samsung

   Field: Department
   Set it to: Discuss an appropriate Department value for your company with your Parature CSM.

   Field: Email for Error Notifications
   Set it to: Enter an email address of your system administrator. When an SSO attempt fails, the system administrator receives an email with details about the failed SSO attempt for troubleshooting purposes.

   Field: SSO Protocol
   Set it to: SAML 2.0

   Field: SSO Connection Id (Entity Id)
   Set it to: The value copied from Step 8 of "Configuring Parature Self-Service Portal in Admin Portal".

   Field: Allowed Actions
   Set it to: Discuss appropriate settings with your Parature CSM. Just-In-Time user provisioning requires you to set this value to Login & Create or Login, Create & Update.

   Field: Lookup Query for Login
   Set it to:
   1. Click the paper-and-pencil icon to edit the lookup query. The Edit Lookup Query popup appears.
   2. Enter the following text, then click Save to return to the New Portal End Point page.

          if attribute.[subject] is defined
          set cust.[email] = attribute.[subject]

4. (Optional for Just-In-Time User Provisioning) Under Create & Update Mappings, click the paper-and-pencil icon to edit mapping for static fields. The Edit Mapping for Static Fields popup appears.

   Note: If you want to use Just-In-Time User Provisioning, verify that Allowed Actions is set to Login & Create or Login, Create & Update.

5. (Optional for Just-In-Time User Provisioning) Enter the following text, then click Save to return to the New Portal End Point page.

       if attribute.[first_name] is defined
       set cust.[first_name] = attribute.[first_name]
       if attribute.[last_name] is defined
       set cust.[last_name] = attribute.[last_name]
       if attribute.[email] is defined
       set cust.[email] = attribute.[email]

6. Click Save to save the configuration and enable single sign-on.

For more information about Parature Self-Service Portal

For more information about configuring Parature Self-Service Portal for SSO, contact your Parature CSM, or refer to the support pages:

https://support.parature.com/ics/support/mylogin.asp
https://support.parature.com/link/portal/3/51/articlefolder/1754/configure-single-Sign-On-SSO-endpoints

Cloud Manager user's guide
