HP Software as a Service Federated SSO Guide Document Release Date: July 2014
Legal Notices

Warranty
The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein. The information contained herein is subject to change without notice.

Restricted Rights Legend
Confidential computer software. Valid license from HP required for possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license.

Copyright Notice
Copyright 2014 Hewlett-Packard Development Company, L.P.

Trademark Notices
Adobe is a trademark of Adobe Systems Incorporated. Microsoft and Windows are U.S. registered trademarks of Microsoft Corporation. UNIX is a registered trademark of The Open Group.

Page 2 of 10
Contents
Contents 3
Federated Single Sign-On (SSO) Overview 4
Federated Single Sign-On (SSO) Overview

In today's world, users require access to external systems whose access credentials are managed by a third party. Federated identity management enables the cross-organizational exchange of identity information across Internet domains, without migrating credential information or consolidating several security domains. With federation, HP SaaS customers can authenticate with their corporate credentials to gain access to HP SaaS solutions.

A federated system comprises the following main components:

Identity Provider (IdP)
The identity provider belongs in the corporation that manages accounts for a large number of users who need secure Internet access to the services or Web-based applications of another organization; in our case, a customer's organization that requires access to HP SaaS Web-based applications and services. The IdP manages the corporate users, and integrates with the Identity Management systems in the customer's organization that are responsible for authentication. The Identity Management systems in turn integrate with authentication providers such as LDAP or AD. All user authentication is carried out via Identity Management systems integrated with the IdP. For successfully authenticated users, the IdP sends a SAML assertion to the HP SaaS SP that enables the user to access the HP SaaS services and Web applications.

Service Provider (SP)
An SP belongs in the SaaS provider that wants to provide access to its Web applications and services. The SP trusts a corporate IdP to manage users and the authentication process. The SP does not manage an organization's users; it trusts the IdP to manage user authentication. A trust must be set up between the customer IdP and the HP SaaS SP. Once a trust has been set up and a user has been authenticated via the IdP using corporate credentials, the user can access Pronq My Account and the HP SaaS Web applications and services.
Why use Federated SSO
Using federated SSO significantly simplifies cross-domain user management:
- You use your corporate credentials to access HP SaaS. That means you can access all your systems with one password.
- User details are updated in one place, the corporate domain.
- There is no need to migrate identity information or consolidate between the two security domains.
- Corporate credentials aren't exposed to the SaaS provider.
This document describes how to initiate the setup of Federated SSO and gives a high-level description of how it works.
HP SaaS customers can log in to HP SaaS solutions using Federated Single Sign-On (SSO). This means that you will be able to access your HP SaaS solutions by signing on with your corporate credentials.

To set up Federated SSO, your organization must use a Security Assertion Markup Language 2.0 (SAML 2.0) compliant Identity Provider (IdP) that is configured to communicate with an HP SaaS Service Provider (SP). SAML enables seamless SSO from a browser by asserting the identity of the user to the HP SaaS solution.

As IdPs come in all shapes and sizes, the following topic discusses in general what you must do to configure Federated SSO. As you will see in the description below, the person in your organization responsible for managing your IdP will need to interact with the HP SaaS support team to successfully set up a trust between your IdP and the HP SaaS SP.

Before you set up Federated SSO:
- Ensure you have a working SAML 2.0 compliant Identity Provider (IdP).
- Identify someone in your organization who is familiar with configuring and managing your organization's IdP.
- Ensure that your IdP's system clock is synchronized with a reliable time source. If it is not, the tokens it generates will be rejected as outside their validity window and SSO will fail.
Summary of Federated SSO Setup
Setting Up Federated SSO in a bit more detail

1. Ensure that your SAML 2.0 compliant IdP is working and that you have identified the person in your organization who is responsible for configuring your IdP.

2. From My Account, click the Support menu and open a ticket for the HP SaaS support team to assist in setting up a trust relationship between your IdP and the HP SaaS Service Provider.
Note: To open a Federated SSO service request, in My Account, click the Support menu and select My Account -> SSO Federation -> Set up a connection to your organization's IdP. Ensure that in your request details you include the name of the IT person in your organization who is familiar with your SAML 2.0 compliant IdP.

3. The HP SaaS support team sends you the Service Provider (SP) metadata.xml file that contains the connection information you use to create a trust between your IdP server and the HP SaaS SP.
Note: The metadata.xml file contains information such as the SSO server name and the public key. This file will be used by your IdP expert when setting up the trust.

4. Configure an IdP connection to the HP SaaS SP using the HP SaaS metadata.xml file as input.

5. Export your IdP metadata.xml file with your public key certificate, and securely transfer your metadata.xml file to the HP SaaS support team.
Note: The metadata.xml file contains information such as the SSO server name and your public key. The SAML Subject must be an email address. Other SAML attributes include First_Name, Last_Name, and Phone.

6. The HP SaaS support team configures its SSO software for the connection.

7. The HP SaaS support team sends you a URL to test that Federated SSO works and that you can log in via your IdP. Access the URL and verify that you can log in via your IdP endpoint. If successful, you can Accept the Request resolution.
8. When the test is successful, HP SaaS sends you a URL to distribute to your users for logging in to HP SaaS with Federated SSO.

How does the connection process work?
Once Federated SSO has been configured, the process works as follows:
Note: Steps 2 to 7 happen in the background and are transparent to the user.

1. The user accesses the HP SaaS product instance with the URL that was provided. HP SaaS checks whether the user is authenticated. If the user is authenticated, permission is given to access the HP SaaS product instance.
2. If the user is not authenticated, the user is redirected to the HP SaaS Service Provider (SP) to initiate SSO.
3. The user's browser is then redirected to the customer IdP.
4. Once authenticated on the corporate side, a SAML token is sent to the user's browser.
5. The SAML assertion is then forwarded to the HP SaaS SP.
6. If the user is a valid HP SaaS user for the customer account, an SSO token is returned to the user's browser.
7. The user's browser then returns the token to HP SaaS and access is granted for the product instance.
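In step 5 of the flow the SAML assertion reaches the HP SaaS SP, which decides whether to issue the SSO token of step 6. The Python below is an added example, not HP's code, of the checks an SP applies to an assertion once its XML signature has been verified with the certificate taken from the IdP metadata: the issuer matches the trusted IdP, the Subject is an email address and First_Name, Last_Name and Phone are present (the requirements stated in step 5 of the setup procedure), the audience names this SP, and the NotBefore/NotOnOrAfter window holds within a small clock-skew allowance. The skew check is where the clock-synchronization prerequisite from the setup section bites: an IdP clock that drifts by more than the allowance issues assertions that are rejected as expired or not yet valid, which is the SSO failure the guide warns about. The assertion, entity IDs, user, phone number and timestamps are constructed placeholders, and the three-minute allowance is an assumption, not a value from the guide.

```python
import re
from datetime import datetime, timedelta, timezone
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}  # standard OASIS namespace
REQUIRED_ATTRS = ("First_Name", "Last_Name", "Phone")    # attribute names from the guide
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")      # deliberately simple shape check

# Constructed placeholder identifiers for the two parties of the trust
IDP_ENTITY_ID = "https://idp.example.com/saml"
SP_ENTITY_ID = "https://sp.saas.example/sp"

# Constructed sample assertion; user, timestamps and IDs are placeholders.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed-id-1" Version="2.0" IssueInstant="2014-07-01T12:00:00Z">
  <saml:Issuer>https://idp.example.com/saml</saml:Issuer>
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">jane.doe@example.com</saml:NameID>
  </saml:Subject>
  <saml:Conditions NotBefore="2014-07-01T11:59:00Z" NotOnOrAfter="2014-07-01T12:05:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://sp.saas.example/sp</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="First_Name"><saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="Last_Name"><saml:AttributeValue>Doe</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="Phone"><saml:AttributeValue>+1-555-0100</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""


def parse_saml_time(value):
    """SAML timestamps are UTC xs:dateTime values ending in 'Z'; fractional
    seconds are permitted by the schema and ignored here."""
    value = value.strip()
    if not value.endswith("Z"):
        raise ValueError("SAML timestamp must be UTC with a trailing Z: %r" % value)
    base = value[:-1].split(".")[0]
    return datetime.strptime(base, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)


def validate_assertion(xml_text, expected_issuer, expected_audience, now,
                       clock_skew=timedelta(minutes=3)):
    """Return the reasons to reject the assertion (empty list = accept).
    Assumes the XML signature was already verified against the IdP's
    metadata certificate; these are the checks that come after that."""
    problems = []
    a = ET.fromstring(xml_text)

    issuer = a.findtext("saml:Issuer", default="", namespaces=NS).strip()
    if issuer != expected_issuer:
        problems.append("issuer %r does not match the configured IdP" % issuer)

    name_id = a.find("saml:Subject/saml:NameID", NS)
    subject = (name_id.text or "").strip() if name_id is not None else ""
    if not EMAIL_RE.match(subject):
        problems.append("Subject NameID %r is not an email address" % subject)

    cond = a.find("saml:Conditions", NS)
    if cond is None:
        problems.append("no Conditions element: validity window and audience are unknown")
    else:
        # The skew allowance keeps a slightly drifted IdP clock from breaking
        # SSO; a badly drifted clock still fails one of these two checks.
        not_before = cond.get("NotBefore")
        not_on_or_after = cond.get("NotOnOrAfter")
        if not_before and now < parse_saml_time(not_before) - clock_skew:
            problems.append("assertion not yet valid (NotBefore=%s)" % not_before)
        if not_on_or_after and now >= parse_saml_time(not_on_or_after) + clock_skew:
            problems.append("assertion expired (NotOnOrAfter=%s)" % not_on_or_after)
        audiences = [x.text.strip() for x in cond.findall(".//saml:Audience", NS) if x.text]
        if expected_audience not in audiences:
            problems.append("audience %r does not include this SP" % audiences)

    present = {attr.get("Name") for attr in a.findall(".//saml:Attribute", NS)}
    for name in REQUIRED_ATTRS:
        if name not in present:
            problems.append("missing attribute %s" % name)
    return problems


if __name__ == "__main__":
    now = parse_saml_time("2014-07-01T12:00:30Z")
    print(validate_assertion(SAMPLE_ASSERTION, IDP_ENTITY_ID, SP_ENTITY_ID, now) or "accepted")
```

Running the validator with a `now` of 12:30 on the sample assertion returns a single "assertion expired" reason, which is exactly what an SP log shows when the IdP's clock is far behind the SP's, so that message is the first thing to look for when a freshly configured connection fails at step 5.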