Security Provider Integration: SAML Single Sign-On

© 2003-2018 BeyondTrust, Inc. All Rights Reserved. BEYONDTRUST, its logo, and JUMP are trademarks of BeyondTrust, Inc. Other trademarks are the property of their respective owners. TC:1/4/2019

Table of Contents

SAML for Single Sign-On Authentication
Create and Configure the SAML Security Provider
Log in Using SAML Single Sign-On
    Log into the Representative Console Using SAML Credentials
    Log into the /login Interface using SAML Credentials
    Log into BeyondTrust from the Identity Provider Side
Manage Security Providers: SAML Servers and Others

CONTACT BEYONDTRUST info@bomgar.com 866.205.3650 (US) +44 (0) 1628 480 210 (UK/EMEA) BEYONDTRUST.COM

SAML for Single Sign-On Authentication

Integration of your BeyondTrust Appliance with external identity providers enables administrators to efficiently manage user access to BeyondTrust accounts by authenticating users against external directory stores. This guide is designed to help you configure the BeyondTrust Appliance to communicate with an identity provider using SAML 2.0 for the purpose of user authentication and group lookup.

Should you need any assistance, please contact BeyondTrust Technical Support at help.bomgar.com.

Create and Configure the SAML Security Provider

Go to /login > Users & Security > Security Providers. From the dropdown, select the type of server you want to configure. Then click the Create Provider button.

Note: You can configure only one SAML provider.

General Settings

Name
The name for your SAML provider is auto-generated and cannot be edited at this time.

Enabled: This provider is enabled
If checked, your BeyondTrust Appliance can search this security provider when a user attempts to log in. If unchecked, this provider will not be searched.

Identity Provider Settings

Metadata
The metadata file contains all the information needed for the initial setup of your SAML provider and must be downloaded from your identity provider. Save the XML file, and then click Choose File to select and upload the selected file.

Entity ID
Unique identifier for the identity provider you are using.

Single Sign-On Service URL
When you want to log into BeyondTrust using SAML, this is the URL where you are automatically redirected so you can log in.

Protocol Binding
Determines whether a user posts or is redirected to the sign-on URL. This should be left defaulted to redirect unless otherwise required by the identity provider.

Certificate
This certificate will be used to verify the signature of the assertion sent from the identity provider.

Note: The fields for Entity ID, Single Sign-On Service URL, and Certificate are automatically populated from the identity provider's metadata file. If you cannot get a metadata file from your provider, this information can be entered manually.

Service Provider Settings

Metadata
Download the BeyondTrust metadata, which you then need to upload to your identity provider.

Entity ID
This is your BeyondTrust URL. It uniquely identifies the service provider.

Private Key
If necessary, you can decrypt messages sent by the identity provider, if they support and require encryption. Click Choose File to upload the private key necessary to decrypt the messages sent from the identity provider.

User Provision Settings

User Attribute
SAML attributes are used to provision users within BeyondTrust. The default values match BeyondTrust-certified applications with various identity providers. If you are creating your own SAML connector, you may need to modify the attributes to match what is being sent by your identity provider.

Authorization Settings

Group Lookups
This is the SAML attribute that contains the names of groups to which users should belong. The default name for the BeyondTrust applications is "Groups".

Note: If the attribute value contains multiple group names, you need to specify the delimiter used to separate their names. If the delimiter is left blank, then the attribute value may contain multiple XML nodes with each one containing a different name.
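The two encodings of the "Groups" attribute described in the note above, shown as an added example (not the appliance's own parser). It extracts group names from a SAML AttributeStatement with and without a delimiter, and shows the misconfiguration to watch for: a delimited value read with a blank delimiter becomes one unrecognized group name. The group names, the sample statements and the exact-match comparison against the available groups are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

SAML = "{urn:oasis:names:tc:SAML:2.0:assertion}"


def _statement(*values):
    """Build a constructed AttributeStatement carrying a "Groups" attribute."""
    nodes = "".join(f"<saml:AttributeValue>{v}</saml:AttributeValue>" for v in values)
    return ('<saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
            f'<saml:Attribute Name="Groups">{nodes}</saml:Attribute>'
            "</saml:AttributeStatement>")


# Constructed samples: the same two memberships in each encoding.
MULTI_NODE = _statement("Helpdesk", "Vendors")   # one XML node per group
DELIMITED = _statement("Helpdesk;Vendors")       # one node, ';' between names


def group_names(statement_xml, attribute="Groups", delimiter=""):
    """Return group names; a blank delimiter treats each node as one name."""
    root = ET.fromstring(statement_xml)
    names = []
    for attr in root.iter(SAML + "Attribute"):
        if attr.get("Name") != attribute:
            continue
        for node in attr.iter(SAML + "AttributeValue"):
            text = (node.text or "").strip()
            parts = text.split(delimiter) if delimiter else [text]
            names.extend(p.strip() for p in parts if p.strip())
    return names


def match_available_groups(names, available):
    """Split names into those in the available-groups list and those that are not.

    Exact, case-sensitive matching is an assumption of this example.
    """
    matched = [n for n in names if n in available]
    unmatched = [n for n in names if n not in available]
    return matched, unmatched


if __name__ == "__main__":
    available = {"Helpdesk", "Vendors"}  # hypothetical Available Groups list
    for label, xml, delim in (("multi-node", MULTI_NODE, ""),
                              ("delimited, ';' set", DELIMITED, ";"),
                              ("delimited, blank", DELIMITED, "")):
        print(label, match_available_groups(group_names(xml, delimiter=delim), available))
```

An unmatched name such as "Helpdesk;Vendors" in the last case is the signal that the delimiter setting does not match what the identity provider sends.
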

Available Groups
Allows a predefined list of groups to be associated with the security provider. This list can then be used to associate a group with the appropriate group policy.

Default Group Policy
Select the default group to which users will be assigned. Users will be assigned settings defined in the default group policy only if they do not belong to another group policy that defines those settings.

Log in Using SAML Single Sign-On

Users can utilize SAML single sign-on to gain access to the representative console or /login interface. Alternatively, a login can be initiated from the identity provider's side.

Log into the Representative Console Using SAML Credentials

To log into the BeyondTrust representative console, select SAML Credentials from the dropdown menu. If you have not yet logged into your identity provider, you will be redirected using the default browser. Once authenticated, a BeyondTrust representative console script is downloaded to gain access to the representative console.

Note: The BRCS file that is downloaded is configured by default to open the representative console. Most browsers can be configured to do this automatically, which will keep the representative from having to execute the script with each login.

Note: Representatives can access the mobile representative console using SAML for mobile. To learn more, please see Log into the Representative Console at www.beyondtrust.com/docs/remote-support/getting-started/repios/howtousetherepconsole.htm and Log into the Representative Console for Android at www.beyondtrust.com/docs/remote-support/getting-started/repandroid/howtousetherepconsole.htm.

Log into the /login Interface using SAML Credentials

From the /login interface, select Use SAML Authentication. If you have not yet logged in to your identity provider, you will be redirected to their site to enter your credentials. When you click Sign In, you are taken to the /login interface.

Note: If you are already logged into your identity provider, then when you click Use SAML Authentication to log in, you are taken directly to the /login interface.

Log into BeyondTrust from the Identity Provider Side

Depending on your identity provider, you can opt to log into your BeyondTrust representative console or /login interface from the provider's web site. In this example, the provider has icons for the BeyondTrust applications. Simply log into your provider and click on the application you want to use.

Manage Security Providers: SAML Servers and Others

View Log
View the status history or any errors for a security provider connection.

Disable
Disable this security provider connection. This is useful for scheduled maintenance, when you want a server to be offline but not deleted.