Apica supports Single Sign-On (SSO) using SAML and Centrify.
Centrify provides an identity provider (IdP) service with its own user and role management, and integrates with Apica Synthetic Monitoring (ASM).
How to Create a User in Centrify
Step | Screenshot |
---|---|
To access the SSO settings, click the button in the top right corner of the User view. | |
Click the green “Single Sign-On (SAML 2.0)” button to open the settings dialog. | |
The SSO view contains all settings needed to connect a user account with a SAML provider account. | |
Configuration | |
Enable: The Enabled section contains a setting for enabling or disabling Single Sign-On for the account. The Enabled setting applies to the current account only. | |
Identity Provider (SAML Metadata URL): The Identity Provider section contains settings for the connection to the SAML provider. If the SAML provider has a SAML metadata URL, you can use that. ASM will extract the needed login URL and certificate automatically. | |
Identity Provider (Specify Settings): For other SAML providers, you may need to specify settings manually. Sign-in URL (the IdP login URL, which you can find in the provider's settings). Signing Certificate (the certificate for sign-in, which you can download from the provider app settings). | |
SERVICE PROVIDER: Use this information about ASM as a Service Provider to set up your Identity Provider. | |
SAML ATTRIBUTE STATEMENTS MAPPING: ASM requires several attributes to be present in the SAML assertion. Note that attribute names may include namespaces. | |
ROLES MAPPING: The Identity Provider user roles/groups must map to User Roles and Monitor Groups to access Apica Synthetic Monitoring. Make sure that the SAML roles you use already exist in Centrify. Identity Provider Roles Mapping (associate roles used in the IdP with User Roles and Monitor Groups in ASM). Overwrite Access Settings for Monitor Groups (access settings for Monitor Groups will be overwritten every time the user logs in). | |
VARIOUS SETTINGS | |
Cancel/Test/Save: To cancel any changes, or to test that your settings work, use the corresponding buttons. | |
Logging in to ASM using Centrify’s SSO
You can log in with a user that exists in Centrify and has been granted access to the application, as described above. After a successful login, you will be redirected back to ASM. If you were already logged in to Centrify, you will be redirected to ASM automatically. If you want to use another test user, go to the Centrify user SSO page (https://12345.my.centrify.com/my) and press log out.
Step | Screenshot |
---|---|
With the setup used in the examples above, go to http://alpha.foo.com and log out. | |
On the login page, choose "Sign in using SSO". | |
Enter the customer name SSOTestA and press "Continue." You will be redirected to the Centrify login page. | |