Security Provider Integration SAML Single Sign-On


© 2018 Bomgar Corporation. All rights reserved worldwide. BOMGAR and the BOMGAR logo are trademarks of Bomgar Corporation; other trademarks shown are the property of their respective owners. TC:6/7/2018

Table of Contents

SAML for Single Sign-On Authentication
Create and Configure the SAML Security Provider
Log in Using SAML Single Sign-On
    Log into the Access Console Using SAML Credentials
    Log into the /login Interface using SAML Credentials
    Log into Bomgar from the Identity Provider Side
Manage Security Providers: SAML Servers and Others

CONTACT BOMGAR info@bomgar.com 866.205.3650 (US) +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM

SAML for Single Sign-On Authentication

Integration of your Bomgar Appliance with external identity providers enables administrators to efficiently manage user access to Bomgar accounts by authenticating users against external directory stores. This guide is designed to help you configure the Bomgar Appliance to communicate with an identity provider using SAML 2.0 for the purpose of user authentication and group lookup.

Should you need any assistance, please contact Bomgar Technical Support at help.bomgar.com.

Create and Configure the SAML Security Provider

Go to /login > Users & Security > Security Providers. From the dropdown, select the type of server you want to configure. Then click the Create Provider button.

Note: You can configure only one SAML provider.

General Settings

Name: This unique name helps to identify your provider. The name for your SAML provider is auto-generated and cannot be edited at this time.

Enabled: If checked, your Bomgar Appliance can search this security provider when a user attempts to log in. If unchecked, this provider will not be searched.

User Provision: By default, user provisioning occurs on this provider. If you have a SCIM provider set up, you can choose to provision users through that provider instead.

Identity Provider Settings

Metadata: The metadata file contains all the information needed for the initial setup of your SAML provider and must be downloaded from your identity provider. Save the XML file, and then click Choose File to select and upload the selected file.

Note: The fields for Entity ID, Single Sign-On Service URL, and Certificate are automatically populated from the identity provider's metadata file. If you cannot get a metadata file from your provider, this information can be entered manually.

Entity ID: This is the unique identifier for the identity provider you are using.

Single Sign-On Service URL: When you want to log into Bomgar using SAML, this is the URL where you are automatically redirected so you can log in.

Protocol Binding: This determines whether an HTTP POST occurs or whether the user is redirected to the sign-on URL. This should be left as redirect unless otherwise required by the identity provider.

Certificate: This certificate is used to verify the signature of the assertion sent from the identity provider.

Service Provider Settings

Metadata: Download the Bomgar metadata, which you then need to upload to your identity provider.

Entity ID: This is your Bomgar URL. It uniquely identifies your site to the identity provider.

Private Key: If necessary, you can decrypt messages sent by the identity provider, if they support and require encryption. Click Choose File to upload the private key necessary to decrypt the messages sent from the identity provider.

User Provision Settings (Visible Only if This Provider is Used for User Provisioning)

User Attribute: These attributes are used to provision users within Bomgar. The default values match Bomgar-certified applications with various identity providers. If you are creating your own SAML connector, you may need to modify the attributes to match what is being sent by your identity provider.

Authorization Settings (Visible Only if This Provider is Used for User Provisioning)

Group Lookups: This is the SAML attribute that contains the names of groups to which users should belong. The default name for the Bomgar applications is "Groups".

Note: If the attribute value contains multiple group names, you need to specify the delimiter used to separate their names. If the delimiter is left blank, then the attribute value may contain multiple XML nodes with each one containing a different name.

Available Groups: Allows a predefined list of groups to be associated with the security provider. This list can then be used to associate a group with the appropriate group policy.

Default Group Policy: Each user who authenticates against an external server must be a member of at least one group policy in order to authenticate to your Bomgar Appliance, logging into either the /login interface or the access console. You can select a default group policy to apply to all users allowed to authenticate against the configured server. Note that if a default policy is defined, then any allowed user who authenticates against this server will potentially have access at the level of this default policy. Therefore, it is recommended that you set the default to a policy with minimum privileges to prevent users from gaining permissions that you do not wish them to have.

Note: If a user is in a default group policy and is then specifically added to another group policy, the settings for the specific policy will always take precedence over the settings for the default, even if the specific policy is a lower priority than the default, and even if the default policy's settings are set to disallow override.
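The delimiter rule for Group Lookups decides which group names are read from the assertion, and therefore which entries of the Available Groups list a user can match. The following added example, not Bomgar code, models that rule so a captured attribute can be checked against the configured delimiter; the attribute XML and group names are constructed, and whitespace trimming and exact-match comparison are assumptions.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed "Groups" attributes, in the two shapes the note describes.
MULTI_NODE = """<saml:Attribute xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Name="Groups">
  <saml:AttributeValue>Helpdesk</saml:AttributeValue>
  <saml:AttributeValue>Network Admins</saml:AttributeValue>
</saml:Attribute>"""
SINGLE_NODE = """<saml:Attribute xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Name="Groups">
  <saml:AttributeValue>Helpdesk; Network Admins</saml:AttributeValue>
</saml:Attribute>"""

# Constructed stand-in for the provider's Available Groups list.
AVAILABLE_GROUPS = {"Helpdesk", "Network Admins"}


def group_names(attribute_xml, delimiter=""):
    """Blank delimiter: one group name per XML node. Otherwise split each node on the delimiter."""
    attr = ET.fromstring(attribute_xml)
    names = []
    for node in attr.findall("saml:AttributeValue", SAML_NS):
        text = (node.text or "").strip()
        parts = text.split(delimiter) if delimiter else [text]
        names.extend(p.strip() for p in parts if p.strip())
    return names


def check_mapping(attribute_xml, delimiter, available_groups):
    """Return (matched, unmatched) group names for this attribute and delimiter setting."""
    names = group_names(attribute_xml, delimiter)
    matched = [n for n in names if n in available_groups]
    unmatched = [n for n in names if n not in available_groups]
    return matched, unmatched
```

With a blank delimiter, `SINGLE_NODE` yields the single unmatched name `Helpdesk; Network Admins`; a user in that state matches no specific group and is left with whatever the default group policy grants.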

Log in Using SAML Single Sign-On

Users can utilize SAML single sign-on to gain access to the access console or /login interface. Alternatively, a login can be initiated from the identity provider's side.

Log into the Access Console Using SAML Credentials

To log into the Bomgar access console, select SAML Credentials from the dropdown menu. If you have not yet logged into your identity provider, you will be redirected using the default browser. Once authenticated, a Bomgar access console script is downloaded to gain access to the access console.

Note: The BRCS file that is downloaded is configured by default to open the access console. Most browsers can be configured to do this automatically, which will keep the user from having to execute the script with each login.

Note: Users can access the mobile access console using SAML for mobile. To learn more, please see Log into the Access Console at www.bomgar.com/docs/privileged-access/getting-started/access-console/apple-ios/access-console.htm and Log into the Access Console for Android at www.bomgar.com/docs/privileged-access/getting-started/accessconsole/android/access-console.htm.

Log into the /login Interface using SAML Credentials

From the /login interface, select Use SAML Authentication. If you have not yet logged in to your identity provider, you will be redirected to their site to enter your credentials. When you click Sign In you are taken to the /login interface.

Note: If you are already logged into your identity provider, then when you click Use SAML Authentication to log in, you are taken directly to the /login interface.

Log into Bomgar from the Identity Provider Side

Depending on your identity provider, you can opt to log into your Bomgar access console or /login interface from the provider's website. In this example, the provider has icons for the Bomgar applications. Simply log into your provider and click on the application you want to use.

Manage Security Providers: SAML Servers and Others

View Log: View the status history or any errors for a security provider connection.

Disable: Disable this security provider connection. This is useful for scheduled maintenance, when you want a server to be offline but not deleted.