Zendesk SSO with Cloud Secure using MobileIron MDM Server and Okta Configuration Guide

Product Release: 1.0
Document Revision: 1.0
Published Date: May 2016
Pulse Secure, LLC
2700 Zanker Road, Suite 200
San Jose CA 95134
http://www.pulsesecure.net

© 2016 by Pulse Secure, LLC. All rights reserved.

Pulse Secure and the Pulse Secure logo are trademarks of Pulse Secure, LLC in the United States. All other trademarks, service marks, registered trademarks, or registered service marks are the property of their respective owners.

Pulse Secure, LLC assumes no responsibility for any inaccuracies in this document. Pulse Secure, LLC reserves the right to change, modify, transfer, or otherwise revise this publication without notice.

Zendesk SSO with Cloud Secure using MobileIron MDM Server and Okta Configuration Guide. The information in this document is current as of the date on the title page.

END USER LICENSE AGREEMENT

The Pulse Secure product that is the subject of this technical documentation consists of (or is intended for use with) Pulse Secure software. Use of such software is subject to the terms and conditions of the End User License Agreement (EULA) posted at http://www.pulsesecure.net/support/eula. By downloading, installing or using such software, you agree to the terms and conditions of that EULA.

Revision History

The following table lists the revision history for this document.

Revision   Date           Description
1.0        May 12, 2016   Initial publication

© 2016 Pulse Secure, LLC.
TABLE OF CONTENTS

CHAPTER 1 OVERVIEW ... 5
  PRE-REQUISITES ... 5
CHAPTER 2 OKTA IDP CONFIGURATION ... 6
  STEPS TO CONFIGURE ... 6
CHAPTER 3 ZENDESK CONFIGURATION ... 12
  STEPS TO CONFIGURE ... 12
CHAPTER 4 CLOUD SECURE CONFIGURATION ... 14
  STEPS TO CONFIGURE ... 14
CHAPTER 5 MOBILEIRON MDM CONFIGURATION ... 20
  STEPS TO CONFIGURE ... 20
CHAPTER 6 CONFIGURING IN IOS DEVICE ... 22
LIST OF FIGURES

Figure 1 Architectural Diagram ... 5
Figure 2 Add Edit Endpoint ... 6
Figure 3 Metadata File ... 7
Figure 4 General Settings ... 8
Figure 5 Sign-On Options ... 9
Figure 6 Provisioning ... 10
Figure 7 Assign to People ... 11
Figure 8 Zendesk Login Page ... 12
Figure 9 Security Page ... 13
Figure 10 Virtual Port ... 14
Figure 11 SAML Settings ... 14
Figure 12 SAML IdP Settings ... 16
Figure 13 Add Service Provider ... 17
Figure 14 MobileIron as MDM server ... 18
Figure 15 Allowed Server ... 19
Figure 16 To Create SAM Policies ... 19
Figure 17 Add VPN Setting ... 20
Figure 18 Application VPN Setting ... 21
Figure 19 Apply Labels ... 21
Figure 20 Welcome Mail ... 22
Chapter 1 Overview

Cloud Secure provides Secure Sign-On for cloud services in deployments that already use a third-party MDM solution, which lets the administrator manage cloud apps and define or deploy Per-App VPN settings, with Okta as the identity management provider. For the SAML federation with the third-party identity provider (Okta), Pulse Connect Secure acts as the inbound SAML identity provider.

This document provides the end-to-end configuration for Zendesk cloud service SSO using Cloud Secure as the identity provider, together with a MobileIron MDM server and Okta as the identity management provider.

Pre-requisites:

- Pulse Connect Secure minimum version 8.2r3
- MobileIron Core 8.5.0.0 build 123
- iPhone iOS latest version 9.x

Figure 1 Architectural Diagram
Chapter 2 Okta IdP Configuration

Steps to Configure

1. Log in to Okta as an administrator and click Admin to configure Pulse Connect Secure as the IdP.
2. Navigate to Security-> Authentication-> Inbound SAML and add the Pulse Connect Secure configuration details as shown below:

Figure 2 Add Edit Endpoint

3. Download the metadata from the SAML Metadata file; it is used to configure Okta as a service provider in Pulse Connect Secure, as shown below:

Figure 3 Metadata File

4. To add the Zendesk application in Okta for SSO:
   a. Navigate to Applications-> Applications.
   b. Type Zendesk in the search list and click Add to add the application.
   c. Under (Required) General Settings, provide the Zendesk domain details and click Next.

Figure 4 General Settings

   d. Under (Required) Sign-On Options, select SAML 2.0 and set the Application Username Format to Email.

Figure 5 Sign-On Options

   e. For the procedure to configure the Zendesk service provider with SSO, click View Setup Instructions.
   f. Configure the (Optional) Provisioning settings as shown in the figure below:

Figure 6 Provisioning

   g. Under (Optional) Assign to People, assign Zendesk to people and click Next.
   h. Click Done to save the configuration.

Figure 7 Assign to People
Chapter 3 Zendesk Configuration

Steps to Configure

Create a user account in Zendesk using the following link: https://www.zendesk.com/register#getstarted. Complete the registration and log in to the Zendesk account.

Figure 8 Zendesk Login Page

5. From the console, go to Security.
6. Enable Single Sign-On.
7. Set the SSO parameters as follows:
   a. Enable SAML.
   b. Enter the SAML SSO URL (for example: https://dev-835358.oktapreview.com/app/zendesk/exk6115mwclmh3RyV0h7/sso/saml).
   c. Enter the Certificate Fingerprint as 4bb672273e8921b207d6d28cdc5ad636f197b0ce.
Figure 9 Security Page

   d. Enable SSO for both Admins and Users (on the Admins and End-Users tabs).
Chapter 4 Cloud Secure Configuration

Steps to Configure

The steps to configure Pulse Connect Secure as the Identity Provider:

1. Log in to the Pulse Connect Secure admin console.
2. Choose Network-> Internal Port-> Virtual Port and create a new virtual port with a new IP address; the SSO URL given to Zendesk is redirected to this address.

Figure 10 Virtual Port

3. Select System-> Network-> Host and add a Host entry (for example: ppsqa-sso.pulsesecuredev.net).
4. Navigate to System-> Configuration-> SAML-> Settings:
   a. Enter the Host FQDN for SAML (for example: ppsqa.pulsesecuredev.net).
   b. Enter the Alternate Host FQDN for SAML (for example: ppsqa-sso.pulsesecuredev.net).

Figure 11 SAML Settings
Note: The Alternate Host FQDN for SAML is the DNS host name of the virtual port IP address configured in step 2 above.

5. Navigate to System-> Configuration-> SAML and click New Metadata Provider.
   a. Enter the Name and upload the Okta metadata XML file downloaded from the Okta website.
   b. Select the Role as Service Provider and save.
6. Go to Authentication-> Signing In-> Sign-in SAML-> Identity Provider.
   a. Enable both Post and Artifact.
   b. Select the appropriate Signing Certificate.
   c. Enable Reuse Existing NC and Accept Unsigned AuthnRequest.
   d. Under User Identity, select the Subject Name format as Email Address and the Subject Name as <USERNAME>@pulsesecure.net.
Figure 12 SAML IdP Settings

7. Click Add SP on the configuration page:
   a. Select the Configuration mode as Metadata.
   b. Enter the Entity ID (the Entity ID is the Zendesk domain).
   c. Enter the Assertion URL (for example: https://ppsngsa.zendesk.com/access/saml).
   d. Enable Post Protocol Binding and Reuse Existing NC.
   e. Click Save Changes.
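Steps 6d and 7 together fix what an assertion from Pulse Connect Secure must carry for Zendesk to accept it: an emailAddress-format NameID of the form <USERNAME>@pulsesecure.net, an Audience equal to the Entity ID (the Zendesk domain) and a Recipient equal to the assertion URL, each bounded by a validity window. The following Python script is an added example, not code from this guide or from Pulse Connect Secure: it builds a constructed, unsigned assertion from those settings and then checks an assertion against them, listing every mismatch, which is the check a service provider performs before trusting a bearer assertion (signature verification is outside the script; it would be done on the signed XML before these checks). The IdP issuer string, the user name alice, and the fixed clock are assumptions made for the example; the Zendesk domain, assertion URL and subject domain are the guide's values.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"

# Service-provider values from Chapter 4: Entity ID is the Zendesk domain, the
# assertion URL is the guide's example, the subject is <USERNAME>@pulsesecure.net.
# The IdP issuer string is an assumed placeholder, not a value from the guide.
SP_CONFIG = {
    "idp_issuer": "https://ppsqa-sso.pulsesecuredev.net/placeholder-idp-entity-id",
    "sp_entity_id": "ppsngsa.zendesk.com",
    "acs_url": "https://ppsngsa.zendesk.com/access/saml",
    "subject_domain": "pulsesecure.net",
}

# Constructed evaluation clock so that the example is deterministic.
NOW = datetime(2016, 5, 12, 12, 0, 0, tzinfo=timezone.utc)
ONE_MINUTE = timedelta(minutes=1)


def saml_time(t: datetime) -> str:
    return t.strftime("%Y-%m-%dT%H:%M:%SZ")


def parse_time(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def build_assertion(username, issued_at, lifetime=5 * ONE_MINUTE,
                    issuer=None, audience=None, recipient=None) -> str:
    """Constructed, unsigned assertion in the shape the IdP settings above produce.
    The optional arguments let the example show what a mismatch looks like."""
    cfg = SP_CONFIG
    expires = saml_time(issued_at + lifetime)
    return f"""<saml:Assertion xmlns:saml="{SAML}" ID="_example" Version="2.0"
    IssueInstant="{saml_time(issued_at)}">
  <saml:Issuer>{issuer or cfg['idp_issuer']}</saml:Issuer>
  <saml:Subject>
    <saml:NameID Format="{EMAIL_FORMAT}">{username}@{cfg['subject_domain']}</saml:NameID>
    <saml:SubjectConfirmation Method="{BEARER}">
      <saml:SubjectConfirmationData Recipient="{recipient or cfg['acs_url']}"
          NotOnOrAfter="{expires}"/>
    </saml:SubjectConfirmation>
  </saml:Subject>
  <saml:Conditions NotBefore="{saml_time(issued_at)}" NotOnOrAfter="{expires}">
    <saml:AudienceRestriction>
      <saml:Audience>{audience or cfg['sp_entity_id']}</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>"""


def check_assertion(xml_text: str, now: datetime, cfg=SP_CONFIG) -> list:
    """Return the mismatches between the assertion and the SP settings; an
    empty list means the service provider would accept it (signature aside)."""
    problems = []
    a = ET.fromstring(xml_text)
    issuer = a.findtext("saml:Issuer", default="", namespaces=NS)
    if issuer != cfg["idp_issuer"]:
        problems.append(f"Issuer {issuer!r} is not the configured IdP")
    name_id = a.find("saml:Subject/saml:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_FORMAT:
        problems.append("NameID missing or not in emailAddress format")
    elif not (name_id.text or "").endswith("@" + cfg["subject_domain"]):
        problems.append(f"NameID {name_id.text!r} is outside {cfg['subject_domain']}")
    scd = a.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != cfg["acs_url"]:
        problems.append("Recipient does not match the assertion consumer URL")
    elif parse_time(scd.get("NotOnOrAfter")) <= now:
        problems.append("SubjectConfirmationData has expired")
    cond = a.find("saml:Conditions", NS)
    if cond is None:
        problems.append("Conditions element missing")
    else:
        if parse_time(cond.get("NotBefore")) > now or parse_time(cond.get("NotOnOrAfter")) <= now:
            problems.append("assertion is outside its validity window")
        audience = cond.findtext("saml:AudienceRestriction/saml:Audience",
                                 default="", namespaces=NS)
        if audience != cfg["sp_entity_id"]:
            problems.append(f"Audience {audience!r} is not this service provider")
    return problems


if __name__ == "__main__":
    print(check_assertion(build_assertion("alice", NOW - ONE_MINUTE), NOW))       # []
    print(check_assertion(build_assertion("alice", NOW - 10 * ONE_MINUTE), NOW))  # expired
```

The Audience and Recipient checks are the ones that tie an assertion to this particular Zendesk instance and its assertion URL, so an entity ID or URL typed differently in step 7 than in Zendesk shows up here as a named mismatch rather than as an opaque login failure.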
Figure 13 Add Service Provider

8. To configure MobileIron as the MDM Authentication Server:
   a. Navigate to Authentication-> Auth Servers, select MDM Server and click New Server.
   b. Enter the required fields and click Save Changes.
Figure 14 MobileIron as MDM server

9. For the realm, select an Authentication Server that uses Certificate Auth, and select MobileIron as the Device Attributes server.
10. Navigate to User Realm-> Role Mapping rule to configure a device attribute rule as below:
   a. Enter the Name to identify the MDM server.
   b. Assign the available roles to the selected roles.
   c. To manage the roles, see the Roles Configuration page.
   d. Click Save Changes or Save + New.
11. Go to User Roles-> Users-> General-> Overview.
   a. Enter the Name and (optionally) a Description.
   b. Enable Pulse Secure Client and Secure Application Manager.
   c. Click Save Changes.
12. Go to Users-> User Roles-> Users-> SAM-> Applications.
13. Click Add Server and enter the following details:
   a. Enter the Name to identify the server.
   b. Under Allowed Server (and Ports), enter the virtual port IP address and port created in step 2.
Figure 15 Allowed Server

14. Go to Users-> Resource Policies-> SAM-> Access Control and create an ACL for the resource similar to the following example:

Figure 16 To Create SAM Policies
Chapter 5 MobileIron MDM Configuration

This solution assumes that the administrator has a basic understanding of MobileIron; for further details, refer to the MobileIron documentation. This deployment is for MobileIron version VSP 5.9.2 Build 11.

Steps to Configure

To define a MobileIron MDM configuration for Zendesk SSO, follow the steps below:

1. Log in to the MobileIron server.
2. Go to Policies & Configs-> Add New-> VPN.
3. Enter the Name and Description.
4. Select the Connection Type as Pulse Secure SSL.
5. Enter the Server URL as the PPS FQDN.
6. Select the Identification Certificate.
7. Enable Per-App VPN.
8. Under Safari Domains, configure the FQDN of the SAML SSO URL.

Figure 17 Add VPN Setting

9. Go to Apps and change the Selected Platform to iOS.
10. Select the Edit option to modify or change any settings of the application.
11. Select the VPN profile created above in the Per-App VPN setting and click Save.
Figure 18 Application VPN Setting

Follow the same procedure to add any other applications that need to send data through the VPN.

12. Select Apps-> Zendesk App-> Actions-> Apply to Labels.
13. Select the label and click Apply to apply the Zendesk application.

Figure 19 Apply Labels
Chapter 6 Configuring the iOS Device

The steps to follow for configuring the iOS device:

1. Install the Pulse Client on the iOS device.
2. An email from MobileIron is sent to the user's email ID; follow the device registration details in it to enroll and install the profiles on the device.

Figure 20 Welcome Mail

3. Launching the Zendesk app initiates the Per-App VPN connection.
4. Pulse Connect Secure uses the MDM to fetch the device attributes, performs role mapping and assigns the role.
5. The tunnel is established based on the role mapping validation.
6. Enter the custom domain in the application (for example: psecure.zendesk.com).
7. Click Continue.
8. The cloud service sends a request to the Okta identity server, which redirects the request to the Pulse Connect Secure identity provider; Pulse Connect Secure reuses the existing user session to construct the SAML response and returns it to Okta.
9. The application is signed in with Secure Sign-On and loads the Zendesk resource page.