Configuring SSO on Access Appliance
Configuring SSO on Access Appliance involves the following steps:
| Task | Description |
|---|---|
| Configuring SSO on an Access Appliance cluster | |
| Adding users/group | |
| Configuring an identity provider | |
| Logging into Access Appliance with SSO | See Login with SSO |
To configure SSO on an Access Appliance cluster
- Go to Settings > Security management > Single sign-on (SSO). Click Add.
- Enter the IDP name, upload the IDP metadata XML file, and optionally provide custom user field and group field values. The user field and group field values should be the same as those configured on the IDP. Click Save.
The UI displays a message that confirms that the add identity provider task is triggered. You can click View Details to see the progress of the task. Alternatively, you can also click the Recent Activity icon from the top right of the UI to see the status of the most recent operations.
- Once the configuration is complete, the SSO identity provider details are displayed on the screen. Click Download service provider xml to download the details and upload them to the IDP server, if required.
To configure an identity provider
- Login with SSO works only after the configuration on the IDP side is complete. The configuration steps differ for each IDP.
Note:
The IDP should always sign the assertion to ensure that the configuration is trustworthy.
Refer to the following links for the configuration steps for each identity provider.
ADFS: Enrolling Access Appliance primary server as a service provider to ADFS
Azure: Enrolling Access Appliance primary server as a service provider to Azure
Okta: Enrolling Access Appliance primary server as a service provider to Okta
PingFederate: Enrolling Access Appliance primary server as a service provider to PingFederate
Login with SSO
- Navigate to the GUI login page. Click Sign-in with single sign-on (SSO).
- Enter your SSO credentials and click Sign in.