SAML Admin Guide. Version 1.0

Similar documents
DigiCert User Guide. Version 6.4

DigiCert User Guide (GÉANT)

DigiCert User Guide (GÉANT)

Configuring Single Sign-on from the VMware Identity Manager Service to Marketo

MyWorkDrive SAML v2.0 Okta Integration Guide

Integration Documentation. Automated User Provisioning Common Logon, Single Sign On or Federated Identity Local File Repository Space Pinger

ComponentSpace SAML v2.0 Okta Integration Guide

TCS SAML demo background

Integrating the YuJa Enterprise Video Platform with Dell Cloud Access Manager (SAML)

All about SAML End-to-end Tableau and OKTA integration

Slack Cloud App SSO. Configuration Guide. Product Release Document Revisions Published Date

Juniper Networks SSL VPN Integration Guide

Oracle Hyperion Financial Data Quality Management, Fusion Edition ERP Source Adapter for SAP. Readme. Purpose. Overview.

Integration of Identity Provider for Single Sign-On

CLI users are not listed on the Cisco Prime Collaboration User Management page.

Integration Guide. PingFederate SAML Integration Guide (SP-Initiated Workflow)

Connect-2-Everything SAML SSO (client documentation)

Integrating YuJa Active Learning into Google Apps via SAML

User Management in Resource Manager

Enterprise Access Gateway Management for Exostar s IAM Platform June 2018

Enabling Single Sign-On Using Microsoft Azure Active Directory in Axon Data Governance 5.2

Integration of the platform. Technical specifications

VMware Identity Manager Administration. MAY 2018 VMware Identity Manager 3.2

RSA SecurID Access SAML Configuration for Datadog

Administration. STILOG IST, all rights reserved

Goal. TeraGrid. Challenges. Federated Login to TeraGrid

SLCS and VASH Service Interoperability of Shibboleth and glite

Quick Connection Guide

Morningstar ByAllAccounts SAML Connectivity Guide

RSA SecurID Access SAML Configuration for Kanban Tool

Security Provider Integration SAML Single Sign-On

RSA SecurID Access SAML Configuration for Brainshark

Managing User Roles and Users in LMS

Security Provider Integration: SAML Single Sign-On

CLI users are not listed on the Cisco Prime Collaboration User Management page.

Configuring Single Sign-on from the VMware Identity Manager Service to Trumba

Unified Communications Manager Version 10.5 SAML SSO Configuration Example

Let your customers login to your store after pre-approval

Security Provider Integration SAML Single Sign-On

Google SAML Integration

SAML 2.0 SSO. Set up SAML 2.0 SSO. SAML 2.0 Terminology. Prerequisites

Integrating VMware Workspace ONE with Okta. VMware Workspace ONE

PingOne. How to Set Up a PingFederate Connection to the PingOne Dock. Quick Start Guides. Version 1.1 December Created by: Ping Identity Support

RSA SecurID Access SAML Configuration for StatusPage

VMware Identity Manager Administration

Administering Workspace ONE in VMware Identity Manager Services with AirWatch. VMware AirWatch 9.1.1

Centrify for Dropbox Deployment Guide

Using Microsoft Azure Active Directory MFA as SAML IdP with Pulse Connect Secure. Deployment Guide

ADP Federated Single Sign On. Integration Guide

Enabling Single Sign-On Using Okta in Axon Data Governance 5.4

Unity Connection Version 10.5 SAML SSO Configuration Example

SAML-Based SSO Solution

ShipStation Connect. Which scenario works for you?

.NET SAML Consumer Value-Added (VAM) Deployment Guide

Feature 2. How should existing users update their Outlook plugin? 2. How do I install the latest version of the Outlook Desktop Widget?

Integration Guide. LoginTC

WebEx Integration User Guide. Cvent, Inc 1765 Greensboro Station Place McLean, VA

WebEx Connector. Version 2.0. User Guide

Configuring the vrealize Automation Plug-in for ServiceNow

MyWorkDrive SAML v2.0 Azure AD Integration Guide

What is CBAS web? Overview on CBAS web for Access Control Systems:

RECOMMENDED DEPLOYMENT PRACTICES. The F5 and Okta Solution for High Security SSO

Setting Up the Server

SecureAuth IdP Realm Guide

SAML Authentication with Pulse Connect Secure and Pulse Secure Virtual Traffic Manager

RSA SecurID Access SAML Configuration for Samanage

Revised: 08/02/ Click the Start button at bottom left, enter Server Manager in the search box, and select it in the list to open it.

Introduction to application management

Single Sign-On for PCF. User's Guide

D9.2.2 AD FS via SAML2

Using Your Own Authentication System with ArcGIS Online. Cameron Kroeker and Gary Lee

Configuring Apache Knox SSO

Integration Guide. SafeNet Authentication Service. Protecting SugarCRM with SAS

Advanced Configuration for SAML Authentication

Upland Qvidian Proposal Automation Single Sign-on Administrator's Guide

Integrating VMware Horizon Workspace and VMware Horizon View TECHNICAL WHITE PAPER

Tyler Identity User Account Management New World ERP Foundation

SAML-Based SSO Configuration

Administrator s Guide. June 15, 2018

Get Qualified User Manual

SAML-Based SSO Solution

Managing GSS Devices from the GUI

Comodo Certificate Manager

2.2 USERS MANUAL. Overview

VMware Horizon Client Install & Login - Android

Add OKTA as an Identity Provider in EAA

REDCap Survey Participant List

This documentation will go over how to install Sharepoint for configuring with Panopto.

CivicPlus Platform FAQs

Registrations Participant Logins. Existing Participants No Active Account

Identity Provider for SAP Single Sign-On and SAP Identity Management

CertCentral Public SSL/TLS Certificate CT Logging Guide

Configuring Single Sign-on from the VMware Identity Manager Service to Bonusly

Marketo Adobe Connect Adapter. User Guide Version 2.1

Almadallah Healthcare Management

penelope case management software AUTHENTICATION GUIDE v4.4 and higher

User Registration Guide for SciFinder Key Contacts

Integrating the YuJa Enterprise Video Platform with ADFS (SAML)

Site Administrator Help

DocuSign Single Sign On Implementation Guide Published: June 8, 2016

Transcription:

SAML Admin Guide Version 1.0

Contents 1 SAML Service Workflow... 3 1.1 Step 1: Terena Level... 3 1.2 Step 2: NREN Level... 3 1.3 Step 3: Participant Level... 3 1.4 New Login URL... 3 2 SAML Role and Account Access... 3 2.1 SAML Admin Role... 3 2.1.1 Terena Level SAML Admin Role... 3 2.1.2 NREN Level SAML Admin Role... 3 2.1.3 Participant Level SAML Admin Role... 4 2.2 Managing SAML Admins... 4 2.2.1 How to Add a SAML Admin to Your Account/Add the SAML Admin Role... 4 2.2.2 How to Edit User Accounts to Change User Roles/Add the SAML Admin Role... 5 3 Managing SAML Settings... 6 3.1 IDP Manager... 6 3.1.1 How to Configure the IDP Manager (Terena SAML Admin)... 6 3.2 Attribute Mapping... 7 3.2.1 How to Set Up Attribute Mapping (Terena or NREN SAML Admin)... 7 3.3 IDP Mapping... 9 3.3.1 How to Configure IDP Mapping (NREN SAML Admin)... 9 3.4 Organization Mapping... 9 3.4.1 How to Add an Organization Mapping (Participant SAML Admin)... 9 2 P a g e

1 SAML Service Workflow 1.1 Step 1: Terena Level The Terena SAML admin configures the full list of allowed IDPs (identity providers) via a single URL that contains multiple IDPs. 1.2 Step 2: NREN Level After the Terena SAML admin downloads the IDPs, each NREN SAML admin must configure their own Registration Authority to specify which of the IDPS their Participants (below them) may use. 1.3 Step 3: Participant Level Once the NREN SAML admin configures the Registration Authority, each Participant can then create an IDP Attribute Mapping between the DigiCert Validated Organization and the organization identifier sent in the SAML assertion. 1.4 New Login URL Along with the new SAML process changes, we have changed the login URL to: https://www.digicert.com/sso 2 SAML Role and Account Access The SAML admin role is available at the Terena, NREN, and Participant levels. However, what the SAML admin can do at each level is different. 2.1 SAML Admin Role 3 P a g e The primary function of the SAML Admin role is to allow an administrator to manage their SAML settings for their account. A SAML administrator s tasks may include configuring allowed IDPs, configuring their Registration Authority, creating an attribute mapping, etc. To access the SAML settings (IDP Manager, IDP Mapping, Attribute Mapping, and SAML Organization Mapping) you must be assigned the SAML Admin role or have the SAML Admin role as one of your roles (i.e. SAML Admin or Administrator + SAML Admin). 2.1.1 Terena Level SAML Admin Role This SAML Admin can access the IPD Manager, which they use to configure the allowed IDPs for the entire Terena system. This admin can also access Attribute Mapping, which they uses to configure the default attribute mappings for the entire Terena system. 2.1.2 NREN Level SAML Admin Role This SAML Admin can access IDP Mapping, which they can use to configure their Registration Authority for their NREN. They can enable any IDPs from the Terena level list of allowed IDPs.

This SAML Admin can also access Attribute Mapping, which they can use to override any of the default attribute mappings set up by the Terena SAML admin. 2.1.3 Participant Level SAML Admin Role This SAML Admin can access SAML Organization Mapping, which they can use to map a Validated Organization from the DigiCert system to an organization that is specified in the SAML assertion (schachomeorganization). 2.2 Managing SAML Admins 2.2.1 How to Add a SAML Admin to Your Account/Add the SAML Admin Role 1. In your account, in the sidebar menu, click Account > Manage Users. 2. On the Manage Users page, click + New User. 3. On the New Users page, provide the following details for the new user: First Name: Type the user s first name. Last Name: Email: Phone: Job Title: Username: Division: Type the user s last name. Type an email address at which the user can be contacted. Type a phone number at which the user can be reached. A phone number is required if the user will be an EV Verified User (able to approve EV Multi-Domain, EV SSL Plus, and EV Code Signing certificate requests) and/or a CS Verified User (able to approve Code Signing certificate requests). Type the user s job title. A job title is required if the user will be an EV Verified User (able to approve EV Multi-Domain, EV SSL Plus, and EV Code Signing certificate requests) and/or a CS Verified User (able to approve Code Signing certificate requests). Type the username for the user. Although you can create a unique username for each user, we recommend using their email address (i.e. john.doe@example.com). In the drop-down list, select the Division or Subdivision to which you want to assign the user. 4 P a g e

Role: Select a role(s) for the new user: SAML Admin or Administrator + SAML Admin. SAML Admin Note: 4. When you are finished, click Save User. To access the SAML settings in your account, you must be a SAML Admin. When assigning the SAML Admin role, you can just select that role (i.e. SAML Admin), or you can select that role along with another (i.e. Administrator + SAML Admin). The user should be added to the account (Account > Manage Users). The newly added user will be sent an email that contains a link, which lets them create a password to log into the account. 2.2.2 How to Edit User Accounts to Change User Roles/Add the SAML Admin Role 1. In your account, in the sidebar menu, click Account > Manage Users. 2. On the Manage Users page, in the Division drop-down list, select the Division or Subdivision to which the user belongs. 3. To the right of the user account whose details you need to modify, click View. 4. On the User s page, click Edit User. 5. On the Edit User page, change any of the following details: First Name: Edit the user s first name. Last Name: Edit the user s last name. Email: Edit the email address at which the user can be contacted. Phone: Add, edit, or remove the phone number at which the user can be reached. You must provide the user s phone number if you want them to be an EV Verified User (able to approve EV Multi-Domain, EV SSL Plus, and EV Code Signing certificate requests) and/or a CS Verified User (able to approve Code Signing certificate requests). 5 P a g e

Job Title: Add, edit, or delete the user s job title. You must provide the user s job title if the user will be an EV Verified User (able to approve EV Multi-Domain, EV SSL Plus, and EV Code Signing certificate requests) and/or a CS Verified User (able to approve Code Signing certificate requests). Username: Edit the username for the user. Although you can create a unique username for each user, we recommend using their email address. Role: Select a different role for/add another role to the user: SAML Admin or Administrator + SAML Admin. SAML Admin Note: To access the SAML settings in your account, you must be a SAML Admin. When assigning the SAML Admin role, you can just select that role (i.e. SAML Admin), or you can select that role along with another (i.e. Administrator + SAML Admin). 6. When you are finished, click Save User. 3 Managing SAML Settings 3.1 IDP Manager This is used to configure the IDP URL that contains all the allowed IDPs for the whole Terena system. The XML file containing the IDPs at this URL will be downloaded once a day; any new IDPs will be added automatically while any old IDPs will be removed. The process is done in the background; it may take a few minutes to pull down the new XML file and process it. 3.1.1 How to Configure the IDP Manager (Terena SAML Admin) 1. In your account, in the sidebar menu, click SAML > IDP Manager. 2. On the IDP Manager page, enter the following information: XML Collection URL: Enter IDP URL that contains all the IDPs metadata. Verification certificate Enter the certificate that was used to sign the IDP xml file. 6 P a g e

3. When you are finished, click Save Changes. 3.2 Attribute Mapping At the Terena level, this can be used to set up the default attribute mappings for the entire Terena System. At the NREN level, this can be used to change/overwrite the default attribute mappings if needed. 3.2.1 How to Set Up Attribute Mapping (Terena or NREN SAML Admin) 1. In your account, in the sidebar menu, click SAML > Attribute Mapping. 2. On the Attribute Mapping page, under Entitlements enter the following information for ordering certificates: Attribute name: Enter the attribute name. Attribute value(s): Enter the attribute value(s) you want to associate with the attribute name. Values can be comma or new line delimited. Overwrite default values Check this box to overwrite the default attribute values. 7 P a g e

3. Under IDP Attribute Map, enter the following information for the attributes that you want to map: Common Name: Enter the value for the common name or name to be displayed. Email Address: Enter the value for the email address. Organization: Enter the value for the organization (i.e. schachomeorganization). Person ID: Enter the value for the person s personal ID. Overwrite default values Check this box to overwrite the default attribute values. 4. When you are finished, click Save Changes. 8 P a g e

3.3 IDP Mapping This is used to configure the Registration Authority for the NREN. The Registration Authority is where the NREN SAML admin enables which IDPs (from the list of Terena allowed IDPs) they want to use for them and their Participants. 3.3.1 How to Configure IDP Mapping (NREN SAML Admin) 1. In your account, in the sidebar menu, click SAML > IDP Mapping. 2. On the IDP Mapping page, in the Registration Authority box, enter the straight string match from the value entered in the UI form and the registrationauthority in the IDP metadata. 3. When you are finished, click Save Changes. 3.4 Organization Mapping This is used to map a Validated Organization in the DigiCert system to an organization specified in the SAML assertion (i.e. schachomeorganization). When the Participant SAML Admin adds a mapping, the can select their IDP, their DigiCert Organization, and enter in their schachomeorganization value. 3.4.1 How to Add an Organization Mapping (Participant SAML Admin) 1. In your account, in the sidebar menu, click SAML Organization Mapping. 2. On the Organization Mapping page, click New Mapping. 3. In the Add Organization window, enter the following information to map an organization from your IDP to a Validated organization in your DigiCert account: 9 P a g e

Identity Provider: In the drop-down list, select an IDP. Organization: In the drop-down list, select a DigiCert validated organization. Attribute Value: Enter the organization value (i.e. schachomeorganization). 4. When you are finished, click Add Organization. 10 P a g e

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback