Connected Data. Connected Data requirements for SSO




Chapter 40 Configuring Connected Data

The following is an overview of the steps required to configure the Connected Data web application for single sign-on (SSO) via SAML. Connected Data offers both IdP-initiated SAML SSO (for SSO access through the user portal or Centrify mobile applications) and SP-initiated SAML SSO (for SSO access directly through the Connected Data web application). You can configure Connected Data for either or both types of SSO. Enabling both methods ensures that users can log in to Connected Data in different situations, such as clicking through a notification email.

1 Prepare Connected Data for single sign-on (see "Preparing for Configuration" on page 40-1).

2 In the Centrify Cloud Manager, add the application and configure application settings. Once the application settings are configured, complete the user account mapping and assign the application to one or more roles. For details, see "Configuring Connected Data in Cloud Manager" on page 40-2.

After you have finished configuring the application settings in the Cloud Manager, users are ready to launch the application from the Centrify user portal.

Preparing for Configuration

Connected Data requirements for SSO

Before you configure the Connected Data web application for SSO, you need the following:

- An active Connected Data account with administrator rights for your organization.
- A signed certificate. You can either download one from Cloud Manager or use your organization's trusted certificate.

Setting up the certificates for SSO

To establish a trusted connection between the web application and the cloud service, you need to have the same signing certificate in both the application and the application settings in Cloud Manager.

If you use your own certificate, you upload the signing certificate and its private key in a .pfx or .p12 file to the application settings in Cloud Manager. You also upload the public key certificate in a .cer or .pem file to the web application.

To download an application certificate from Cloud Manager (overview):

1 In the Apps page, add the application.

2 Click the application to open the application details.

3 In the Application Settings tab, click Download Signing Certificate to download and save the certificate.

What you need to know about Connected Data

Each SAML application is different. The following table lists features and functionality specific to Connected Data. (The Supported? values for the first five rows and for the last two rows were check-mark glyphs that did not survive extraction.)

Web browser client
  Supported?: (not legible in the source)

Mobile client
  Supported?: (not legible in the source)

SAML 2.0
  Supported?: (not legible in the source)

SP-initiated SSO
  Supported?: (not legible in the source)

IdP-initiated SSO
  Supported?: (not legible in the source)

Force user login via SSO only
  Supported?: No
  Support details: Administrators and users can still log in with a user name and password after SSO is enabled.

Separate administrator login after SSO is enabled
  Supported?: No

User or Administrator lockout risk
  Supported?: No
  Support details: User name and password login is always available.

Automatic user provisioning
  Supported?: No

Self-service password
  Supported?: (not legible in the source)
  Support details: Users can reset their own passwords. Resetting another user's password requires administrator rights.

Access restriction using a corporate IP range
  Supported?: (not legible in the source)
  Support details: You can specify an IP Range in the Cloud Manager Policy page to restrict access to the application.

Configuring Connected Data in Cloud Manager

To add and configure the Connected Data application in Cloud Manager:

1 In Cloud Manager, click Apps.

2 Click Add Web Apps.

The Add Web Apps screen appears.

3 On the Search tab, enter the partial or full application name in the Search field and click the search icon.

4 Next to the application, click Add.

5 In the Add Web App screen, click to confirm. Cloud Manager adds the application.

6 Click Close to exit the Application Catalog. The application that you just added opens to the Application Settings page.

7 Configure the following:

SAML Consumer URL
  Required or optional: Required
  Set it to: https://your-CONNECTED-DATA-ACS-URL
  What you do: Copy the value from Organization Preferences > Manage IdP Integration > SAML Consumer URL on the Connected Data website and paste it here. This is set to the Fully Qualified Domain Name (FQDN) for your instance of the Connected Data server.

Issuer URL
  Required or optional: Required
  Set it to: The cloud service automatically generates the content for this field.
  What you do: Copy this value and then paste it into Organization Preferences > Manage IdP Integration > Issuer URL on the Connected Data website.

SAML 2.0 Endpoint (HTTP)
  Required or optional: Required
  Set it to: The cloud service automatically generates the content for this field.
  What you do: Copy this value and then paste it into Organization Preferences > Manage IdP Integration > SAML 2.0 Endpoint (HTTP) on the Connected Data website.

SLO Endpoint (HTTP)
  Required or optional: Required
  Set it to: The cloud service automatically generates the content for this field.
  What you do: Copy this value and then paste it into Organization Preferences > Manage IdP Integration > SLO Endpoint (HTTP) on the Connected Data website.

Download Signing Certificate
  Required or optional: Required
  Set it to: The cloud service automatically generates the content.
  What you do: Download the signing certificate and then upload the certificate to Organization Preferences > Manage IdP Integration > X.509 Certificate on the Connected Data website. To use a certificate with a private key (pfx file) from your local storage, see Step 8 below. If you replace the certificate, download the signing certificate again and upload the new file to the Connected Data website.

8 On the Application Settings page, expand the Additional Options section and specify the following settings:

Application ID
  Configure this field if you are deploying a mobile application that uses the Centrify mobile SDK, for example mobile applications that are deployed into a Samsung KNOX version 1 container. The cloud service uses the Application ID to provide single sign-on to mobile applications. Note the following:
  - The Application ID has to be the same as the text string that is specified as the target in the code of the mobile application written using the mobile SDK.
  - If you change the name of the web application that corresponds to the mobile application, you need to enter the original application name in the Application ID field.
  - There can only be one SAML application deployed with the name used by the mobile application.
  - The Application ID is case-sensitive and can be any combination of letters, numbers, spaces, and special characters up to 256 characters.

Show in User app list
  Select Show in User app list to display this web application in the user portal. (This option is selected by default.) If this web application is added only to provide SAML for a corresponding mobile app, deselect this option so the web application won't display for users in the user portal.

Security Certificate
  These settings specify the security certificate used for secure SSO authentication between the cloud service and the web application. Select an option to change the security certificate.
  - Use existing certificate displays beneath it the certificate currently in use. The Download button below the certificate name downloads the current certificate through your web browser to your computer so you can supply the certificate to the web application during SSO configuration. It's not necessary to select this option; it's present to display current status.
  - Use the default tenant signing certificate selects the cloud service standard certificate for use. This is the default setting.
  - Use a certificate with a private key (pfx file) from your local storage selects any certificate you want to supply, typically your organization's own certificate. To use this selection, you must click Browse to upload an archive file (.p12 or .pfx extension) that contains the certificate along with its private key. If the file has a password, you must enter it when prompted.

9 (Optional) On the Description page, you can change the name, description, and logo for the application. For some applications, the name cannot be modified. The Category field specifies the default grouping for the application in the user portal. Users have the option to create a tag that overrides the default grouping in the user portal.

10 On the User Access page, select the role(s) that represent the users and groups that have access to the application. When assigning an application to a role, select either Automatic Install or Optional Install:
  - Select Automatic Install for applications that you want to appear automatically for users.
  - If you select Optional Install, the application doesn't automatically appear in the user portal and users have the option to add the application.

11 (Optional) On the Policy page, specify additional authentication control for this application. You can select one or both of the following settings:
  - Restrict app to clients within the Corporate IP Range: Select this option to prevent users outside the company intranet from launching this application. To use this option, you must also specify which IP addresses are considered as your intranet by specifying the Corporate IP range in Settings > Corporate IP Range.
  - Require Strong Authentication: Select this option to force users to authenticate using additional, stronger authentication mechanisms when launching an application. Specify these mechanisms in Policy > Add Policy Set > Account Security Policies > Authentication.
  You can also include JavaScript code to identify specific circumstances when you want to block an application or you want to require additional authentication methods. For details, see Specifying application access policies with JavaScript.

12 On the Account Mapping page, configure how the login information is mapped to the application's user accounts. The options are as follows:
  - Use the following Directory Service field to supply the user name: Use this option if the user accounts are based on user attributes. For example, specify an Active Directory field such as mail or userprincipalname or a similar field from the Centrify user service.
  - Everybody shares a single user name: Use this option if you want to share access to an account but not share the user name and password. For example, some people share an application developer account.
  - Use Account Mapping Script: You can customize the user account mapping here by supplying a custom JavaScript script. For example, you could use the following line as a script:

    LoginUser.Username = LoginUser.Get('mail')+'.ad';

  The above script instructs the cloud service to set the login user name to the user's mail attribute value in Active Directory and add .ad to the end. So, if the user's mail attribute value is Adele.Darwin@acme.com then the cloud service uses Adele.Darwin@acme.com.ad. For more information about writing a script to map user accounts, see the SAML application scripting guide.
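To exercise an account mapping script before pasting it into Cloud Manager, here is an added example (not Centrify's code and not part of this guide) that runs the guide's one-line script against a stand-in LoginUser object; the object's Get/Username shape is assumed from the script shown above, and the sample users are constructed. It also shows a fail-closed variant for users whose directory entry has no mail attribute.

```javascript
// Added example, not Centrify's implementation: a stand-in for the LoginUser
// object that account mapping scripts receive. The Get()/Username shape is an
// assumption taken from the one-line script in the guide.
function makeLoginUser(attrs) {
  return {
    Username: null,
    // Return the directory attribute, or null when the user does not have it.
    Get: function (name) {
      return Object.prototype.hasOwnProperty.call(attrs, name) ? attrs[name] : null;
    },
  };
}

// Run a mapping script the way the service is described to: the script sees a
// variable named LoginUser and is expected to set LoginUser.Username.
function runMappingScript(script, attrs) {
  const loginUser = makeLoginUser(attrs);
  new Function("LoginUser", script)(loginUser);
  return loginUser.Username;
}

// The script from the guide: the mail attribute with ".ad" appended.
const GUIDE_SCRIPT = "LoginUser.Username = LoginUser.Get('mail')+'.ad';";

// Fail-closed variant: refuse to map a user without a usable mail attribute
// rather than silently producing a username that belongs to nobody.
const FAIL_CLOSED_SCRIPT = [
  "var mail = LoginUser.Get('mail');",
  "if (typeof mail !== 'string' || mail.indexOf('@') < 0) {",
  "  throw new Error('mail attribute missing or malformed; not mapping user');",
  "}",
  "LoginUser.Username = mail + '.ad';",
].join("\n");

// Constructed sample users (hypothetical accounts, not real data).
const ADELE = { mail: "Adele.Darwin@acme.com", userprincipalname: "adarwin@acme.com" };
const NO_MAIL = { userprincipalname: "svc-build@acme.com" };

// Return the mapping outcome as data so it can be inspected or asserted on.
function mapWith(script, attrs) {
  try {
    return { ok: true, username: runMappingScript(script, attrs) };
  } catch (e) {
    return { ok: false, error: e.message };
  }
}
```

With the guide's script, a user who has no mail attribute is mapped to the literal username "null.ad" because JavaScript concatenates null as a string; the fail-closed variant throws instead, which is what you want from a mapping script that decides which application account a login lands in.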

13 (Optional) On the Advanced page, you can edit the script that generates the SAML assertion, if needed. In most cases, you don't need to edit this script. For more information, see the SAML application scripting guide.

On the Changelog page, you can see recent changes that have been made to the application settings, by date, user, and the type of change that was made.

14 Click Workflow to set up a request and approval workflow for this application.

Note: The Workflow feature is a premium feature and is available only in the Centrify Identity Service App+ Edition. See Configuring Workflow for more information.

15 Click Save.

After configuring the application settings (including the role assignment) and the application's web site, you're ready for users to launch the application from the user portal.

Configuring Connected Data on its web site

To configure the Connected Data application on its web site:

1 In your web browser, go to the Connected Data URL and sign in with your administrator credentials.

2 Navigate to Organization Preferences and click Manage IdP Integration.

3 On the Identity Provider Integration page, configure the following settings (also see "Configuring Connected Data in Cloud Manager" on page 40-2):

SAML 2.0 Endpoint (HTTP)
  What you do: Copy the contents of the SAML 2.0 Endpoint (HTTP) field in Cloud Manager > Application Settings and paste it here.

SLO Endpoint (HTTP)
  What you do: Copy the contents of the SLO Endpoint (HTTP) field in Cloud Manager > Application Settings and paste it here.

Issuer URL
  What you do: Copy the contents of the Issuer URL field in Cloud Manager > Application Settings and paste it here.

X.509 Certificate
  What you do: Upload the Signing Certificate that you downloaded from Cloud Manager > Application Settings.

SCIM Base URL
  What you do: Not applicable.

SAML Consumer URL
  What you do: Copy this value and paste it into the SAML Consumer URL field in Cloud Manager > Application Settings.

SAML SLO URL
  What you do: Not applicable.

Custom Headers
  What you do: Not applicable.

4 Click Save Identity Provider Settings.

For more information about Connected Data

Contact Connected Data for more information about configuring Connected Data for SSO. Also see: http://www.connecteddata.com/contact-support/