Dell One Identity Cloud Access Manager How to Configure as an Identity Provider




Dell One Identity Cloud Access Manager 7.0.2

2014 Dell Inc. ALL RIGHTS RESERVED.

This guide contains proprietary information protected by copyright. The software described in this guide is furnished under a software license or nondisclosure agreement. This software may be used or copied only in accordance with the terms of the applicable agreement. No part of this guide may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying and recording for any purpose other than the purchaser's personal use without the written permission of Dell Inc.

The information in this document is provided in connection with Dell products. No license, express or implied, by estoppel or otherwise, to any intellectual property right is granted by this document or in connection with the sale of Dell products. EXCEPT AS SET FORTH IN THE TERMS AND CONDITIONS AS SPECIFIED IN THE LICENSE AGREEMENT FOR THIS PRODUCT, DELL ASSUMES NO LIABILITY WHATSOEVER AND DISCLAIMS ANY EXPRESS, IMPLIED OR STATUTORY WARRANTY RELATING TO ITS PRODUCTS INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. IN NO EVENT SHALL DELL BE LIABLE FOR ANY DIRECT, INDIRECT, CONSEQUENTIAL, PUNITIVE, SPECIAL OR INCIDENTAL DAMAGES (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS, BUSINESS INTERRUPTION OR LOSS OF INFORMATION) ARISING OUT OF THE USE OR INABILITY TO USE THIS DOCUMENT, EVEN IF DELL HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Dell makes no representations or warranties with respect to the accuracy or completeness of the contents of this document and reserves the right to make changes to specifications and product descriptions at any time without notice. Dell does not make any commitment to update the information contained in this document.

If you have any questions regarding your potential use of this material, contact:

Dell Inc.
Attn: LEGAL Dept
5 Polaris Way
Aliso Viejo, CA 92656

Refer to our Web site (software.dell.com) for regional and international office information.

Trademarks

Dell and the Dell logo are trademarks of Dell Inc. Other trademarks and trade names may be used in this document to refer to either the entities claiming the marks and names or their products. Dell disclaims any proprietary interest in the marks and names of others.

Legend

CAUTION: A CAUTION icon indicates potential damage to hardware or loss of data if instructions are not followed.
WARNING: A WARNING icon indicates a potential for property damage, personal injury, or death.
IMPORTANT NOTE, NOTE, TIP, MOBILE, or VIDEO: An information icon indicates supporting information.

Dell One Identity Cloud Access Manager - Updated March 2014 Software Version 7.0.2

Contents

Configuring Cloud Access Manager as an Identity Provider ... 4
  Pre-requisites ... 5
  Configuration ... 5
  Configuring the SAML application on idp-cam.partner.local ... 6
  Setting up the Front-end authenticator in sp-cam.demo.local ... 10
  Testing your configuration ... 12
About Dell ... 14
  Contacting Dell ... 14
  Technical support resources ... 14

Configuring Cloud Access Manager as an Identity Provider

To provide end-users located on another network with access to your applications, you can configure Cloud Access Manager to federate with an Identity Provider (IDP) running on the end-user network. The IDP authenticates users against its local directory and sends an assertion to Cloud Access Manager (the Service Provider) to vouch for the user's authenticity.

The identity provider must support the SAML or WS-Federation protocol. It can be an on-premise service or a Software-as-a-Service (SaaS) service provided by a third-party vendor, or you can deploy another instance of Cloud Access Manager to perform the role of identity provider, as shown in Figure 1.

Figure 1. Multi-federated Cloud Access Manager deployment

This guide describes how to configure one instance of Cloud Access Manager to operate as an Identity Provider, which will federate to another instance of Cloud Access Manager configured to operate as a Service Provider.

Pre-requisites

Before starting the configuration, please ensure that the following pre-requisites are met:

- two member servers, sp-cam.demo.local and idp-cam.partner.local, are each located in their own Active Directory forest
- a Cloud Access Manager Proof-of-Concept installation exists on each server
- a Front-end authenticator is configured on idp-cam.partner.local to connect to the local Active Directory.

Configuration

Configuring the SAML application on idp-cam.partner.local describes how to configure the IDP Cloud Access Manager instance (on idp-cam.partner.local) with a SAML application to define the SP Cloud Access Manager instance (on sp-cam.demo.local).

Setting up the Front-end authenticator in sp-cam.demo.local describes how to configure the SP Cloud Access Manager instance (on sp-cam.demo.local) with a Front-end authenticator (FEA) definition for the IDP Cloud Access Manager instance (on idp-cam.partner.local).

Testing your configuration describes how to test a federated logon to the SP Cloud Access Manager instance, authenticating against the IDP Cloud Access Manager instance.

Figure 2. Lab deployment with Cloud Access Manager-to-Cloud Access Manager federation

Configuring the SAML application on idp-cam.partner.local

To configure the IDP Cloud Access Manager instance on idp-cam.partner.local with a SAML application to define the SP Cloud Access Manager instance on sp-cam.demo.local:

1 Log in as a fallback administrator to the Cloud Access Manager instance on idp-cam.partner.local.
2 From the main menu, in the Application section, click + Add New.
3 The Create New Application page is displayed. Click Configure Manually.
4 The Back-end SSO Method page is displayed. Select Using SAML, then click Next.
5 On the Federation Settings screen, enter the Recipient and the Audience / SP Identity as follows:
  Recipient: https://sp-cam.demo.local/cloudaccessmanager/rpsts/saml2/login.aspx
  Audience/SP Identity: urn:sp-cam.demo.local/cloudaccessmanager/rpsts

6 On the Subject Mapping page, click Derive the username from an attribute.
7 In the Take the username from the following attribute field, enter samaccountname.
8 Click Next. Cloud Access Manager requires at least one non-subject claim to be present in the SAML assertion. In this example, we will send an email claim.
9 On the Claim Mapping page, click + Add to add a claim mapping.
10 In the Name of the claim to send to the application field, enter urn:claim/emailclaim

11 In the User attribute to send section, select Email Address.
12 Click Next to advance to the External Access page. This asks whether the application should be proxied, for situations where external users need to access applications on your internal network. When Cloud Access Manager is operating as an IDP, the application (SP) does not run on your internal network, so proxying is not required. Select Do not proxy this application.
13 Click Next.
14 The Permissions page is displayed. Here you can grant or deny access to the application, based on role membership. Select Allow Role Access to specify which roles will have access to Cloud Access Manager.

15 Now enter a name for this application configuration.
16 Click Next.
17 The Application Portal configuration screen allows you to determine how the app link (to the CAM SP instance) is presented on the local Application Portal. Since, in this example, users will navigate directly to the Cloud Access Manager SP Application Portal, the URL to the local Cloud Access Manager IDP Application Portal will not be published, so the settings here are unimportant. Select IDP-initiated under SSO Mode and click Finish.

18 The Federation Settings page provides you with information that you may need to configure your Service Provider. In this example, we will generate metadata to set up our Service Provider. Click Download Metadata, and transfer the downloaded file to your sp-cam.demo.local machine.

Setting up the Front-end authenticator in sp-cam.demo.local

To set up the Front-end authenticator in sp-cam.demo.local:

1 Log in to the Cloud Access Manager instance on sp-cam.demo.local as the fallback administrator.
2 From the main menu, in the Front-end Authentication section, click + Add New.
3 On the Authenticator Type page, choose SAML Federated.
4 Click Next. On the SAML Trust Settings page, upload the Federation metadata file which you downloaded from the Federation Settings page of the Application Configuration wizard in step 19.

5 We have used metadata to configure our Service Provider, so there is no need to enter the IDP Log in URL or import the IDP public certificate manually. This information is loaded automatically when the metadata file is imported.
6 The User Identity Claims page is displayed. Here you can specify how Cloud Access Manager will uniquely identify users and derive the display name of users from this IDP. In this example, we allow both to default to Use the Subject.
7 In the Authenticator Name field, enter CAM IDP.
8 Click Finish.

9 The federation settings for the Service Provider are displayed.
10 The Cloud Access Manager Identity Provider is now configured. When prompted to go to the role editor, you can select No, Close This Dialog; access permissions to applications on sp-cam.demo.local will be controlled by the service provider instance.

Testing your configuration

You have now configured the two Cloud Access Manager instances. When users attempt to access sp-cam.demo.local, they are redirected to idp-cam.partner.local for authentication.

To test the configuration:

1 Log onto any machine in the idp-cam.partner.local forest. Open a browser and navigate to the Cloud Access Manager application portal on sp-cam.demo.local (https://sp-cam.demo.local/cloudaccessmanager).
2 The browser is redirected to the Identity Provider's log in page. Enter the credentials for a user defined in the idp-cam.partner.local forest.

3 The user is authenticated by the Identity Provider. If the authentication is successful, the browser is redirected to sp-cam.demo.local, and the Application Portal is displayed.
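As an added example (not Dell's code and not part of this guide), the following script shows the content checks the Service Provider side must make on the assertion the browser carries back from idp-cam.partner.local in step 3, using the Recipient, Audience / SP Identity and claim name configured in the IDP application above. The sample assertion, its ID and the user jsmith are constructed; XML signature verification against the IDP certificate imported from the metadata is assumed to happen before these checks.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"s": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Values entered on the IDP's Federation Settings and Claim Mapping pages (from the guide).
RECIPIENT = "https://sp-cam.demo.local/cloudaccessmanager/rpsts/saml2/login.aspx"
AUDIENCE = "urn:sp-cam.demo.local/cloudaccessmanager/rpsts"
REQUIRED_CLAIM = "urn:claim/emailclaim"

# Constructed sample assertion (not captured from a real deployment); the ID and user are made up.
SAMPLE_ASSERTION = """<s:Assertion xmlns:s="urn:oasis:names:tc:SAML:2.0:assertion" ID="_example1" Version="2.0">
<s:Subject><s:NameID>jsmith</s:NameID><s:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<s:SubjectConfirmationData NotOnOrAfter="2014-03-10T12:05:00Z"
 Recipient="https://sp-cam.demo.local/cloudaccessmanager/rpsts/saml2/login.aspx"/></s:SubjectConfirmation></s:Subject>
<s:Conditions NotBefore="2014-03-10T11:59:00Z" NotOnOrAfter="2014-03-10T12:05:00Z"><s:AudienceRestriction>
<s:Audience>urn:sp-cam.demo.local/cloudaccessmanager/rpsts</s:Audience></s:AudienceRestriction></s:Conditions>
<s:AttributeStatement><s:Attribute Name="urn:claim/emailclaim">
<s:AttributeValue>jsmith@partner.local</s:AttributeValue></s:Attribute></s:AttributeStatement></s:Assertion>"""

def parse_utc(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def check_assertion(xml_text, now, skew=timedelta(minutes=5)):
    """SP-side content checks on a bearer assertion; returns (ok, problems, username, claims)."""
    a = ET.fromstring(xml_text)
    problems = []
    user = a.findtext("s:Subject/s:NameID", default="", namespaces=NS).strip()  # the samaccountname
    if not user:
        problems.append("missing NameID")
    # Recipient must be this SP's SAML login endpoint, and the bearer confirmation must be unexpired.
    scd = a.find("s:Subject/s:SubjectConfirmation/s:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != RECIPIENT:
        problems.append("Recipient mismatch")
    elif scd.get("NotOnOrAfter") and now >= parse_utc(scd.get("NotOnOrAfter")) + skew:
        problems.append("SubjectConfirmationData expired")
    # Audience must name this SP exactly; the validity window is honoured with a small clock skew.
    cond = a.find("s:Conditions", NS)
    nb, noa = (cond.get("NotBefore"), cond.get("NotOnOrAfter")) if cond is not None else (None, None)
    if (nb and now < parse_utc(nb) - skew) or (noa and now >= parse_utc(noa) + skew):
        problems.append("outside Conditions validity window")
    if AUDIENCE not in [(x.text or "").strip() for x in a.findall("s:Conditions/s:AudienceRestriction/s:Audience", NS)]:
        problems.append("Audience mismatch")
    # Cloud Access Manager requires at least one non-subject claim; this lab sends the email claim.
    claims = {at.get("Name"): [v.text for v in at.findall("s:AttributeValue", NS)]
              for at in a.findall("s:AttributeStatement/s:Attribute", NS)}
    if REQUIRED_CLAIM not in claims:
        problems.append("missing claim " + REQUIRED_CLAIM)
    return not problems, problems, user, claims

def check_sample(xml_text=SAMPLE_ASSERTION, at="2014-03-10T12:00:00Z"):
    return check_assertion(xml_text, parse_utc(at))
```

Each mismatch is reported rather than raised so that a rejected logon can be logged with every failing condition, which is what you want when debugging a federation between two forests.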

About Dell

Dell listens to customers and delivers worldwide innovative technology, business solutions and services they trust and value. For more information, visit www.software.dell.com.

Contacting Dell

Technical Support: Online Support
Product Questions and Sales: (800) 306-9329
Email: info@software.dell.com

Technical support resources

Technical support is available to customers who have purchased Dell software with a valid maintenance contract and to customers who have trial versions. To access the Support Portal, go to http://software.dell.com/support/.

The Support Portal provides self-help tools you can use to solve problems quickly and independently, 24 hours a day, 365 days a year. In addition, the portal provides direct access to product support engineers through an online Service Request system. The site enables you to:

- Create, update, and manage Service Requests (cases)
- View Knowledge Base articles
- Obtain product notifications
- Download software. For trial software, go to Trial Downloads.
- View how-to videos
- Engage in community discussions
- Chat with a support engineer