Defining SAML Single Sign-on in a CTERA Portal

Before setting up SAML in the portal you must make sure that the username for every user in the portal is that user’s email.

To check a username:

  1. Select Users > Users in the navigation pane.
    The USERS page opens, displaying the users for the portal.
  2. For each user, click the user’s name.
    The user window is displayed with the user name as the window title and more options.
  3. Verify that the Username field in the Profile option is the same as the Email field for that user.
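
The per-user check above, done in bulk, as an added example (not CTERA code): it audits a user list and reports every account whose username would not match its email. It assumes the user list is available as CSV text with `username` and `email` columns; that format and the sample rows are constructed for illustration.

```python
import csv
import io
from collections import Counter

# Constructed sample; the column names "username" and "email" are assumptions.
SAMPLE_EXPORT = """username,email
alice@example.com,alice@example.com
bob,bob@example.com
Carol@Example.com,carol@example.com
dave@example.com,
erin@example.com ,erin@example.com
frank@example.com,frank@example.com
frank.old,frank@example.com
"""

def audit_usernames(csv_text):
    """Return {username: finding} for every row that needs attention."""
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    # Count emails case-insensitively to spot one address used by two accounts.
    email_counts = Counter(
        r["email"].strip().lower() for r in rows if r["email"].strip()
    )
    findings = {}
    for r in rows:
        user, email = r["username"], r["email"]
        if not email.strip():
            findings[user] = "no email set"
        elif user == email:
            # Exact match, but the identity is ambiguous if the email is shared.
            if email_counts[email.strip().lower()] > 1:
                findings[user] = "email shared with another account"
        elif user.strip() == email.strip():
            findings[user] = "stray whitespace"
        elif user.strip().lower() == email.strip().lower():
            # The page does not say whether case-only differences are
            # tolerated, so they are reported separately for review.
            findings[user] = "differs only by case"
        else:
            findings[user] = "username is not the email"
    return findings

if __name__ == "__main__":
    for user, finding in audit_usernames(SAMPLE_EXPORT).items():
        print(f"{user!r}: {finding}")
```
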

To configure SAML single sign-on:

  1. Select Settings in the navigation pane.
    The Control Panel page is displayed.

  2. Select SSO under USERS in the Control Panel page.
    The Single Sign On window is displayed.

  3. Select SAMLv2 from the drop-down box.
    Additional fields are displayed.

  4. Enter the details of the SAML identity provider:
    Entity ID/Issuer ID – The identity provider that issues the SAML assertion. This is a free text string that uniquely identifies your SAML identity provider and must match the entity ID that you choose when signing up for the identity provider's SSO service.

    Sign-in page URL – The URL that CTERA Portal redirects to when signing in. You need to get this from the provider.

    • Okta – The EMBED LINK value.
    • OneLogin – The SAML 2.0 Endpoint (HTTP) value.
    • ADFS – The ADFS server URL. For example, https://exampleAD.adfs.local/adfs/ls
    • Azure Active Directory – The Login URL from the fourth part of the SAML-based Sign-on blade, from the procedure described in Configuring Microsoft Azure Active Directory to Work with CTERA Portal.
    • Swivel AuthControl Sentry – The AuthControl Sentry start page.

    Log-out page URL – The URL that CTERA Portal redirects to when logging out of the portal. Without this URL configured, a logout will redirect to the sign-in page URL and log the user back into the portal.

    • Okta – Either the default Okta sign-out page is used or a customized sign-out page defined in Okta.
    • OneLogin – The SAML Single Logout URL value. This is optional.
    • ADFS – The logout URL. This is the same as the Sign-in Page URL.
    • Azure Active Directory – The Logout URL from the fourth part of the SAML-based Sign-on blade, from the procedure described in Configuring Microsoft Azure Active Directory to Work with CTERA Portal.
    • Swivel AuthControl Sentry – The logout page.

    Identity Provider Certificate – The authentication certificate issued by the provider. You need to get this from the provider, usually by download from the provider's site. .pem and .cer certificates are valid. Click Upload to upload your provider's certificate to the portal.

    • Okta – The certificate downloaded from Okta and converted to .pem.
    • OneLogin – The X.509 PEM certificate downloaded from OneLogin.
    • ADFS – The Token-signing certificate from the ADFS .cer certificates saved to a file. This certificate must be a known root CA and not a self-signed certificate.
    • Azure Active Directory – The Certificate (Base64) that you downloaded from the third part of the SAML-based Sign-on blade, from the procedure described in Configuring Microsoft Azure Active Directory to Work with CTERA Portal.
    • Swivel AuthControl Sentry – The Identity ID, from the procedure described in Configuring Swivel AuthControl Sentry to Work with CTERA Portal.
  5. Click SAVE.

Note

When the SAML identity provider is also connected to Active Directory, the user name to log in to the portal must be defined in the portal. The SAML response can be the user name or a unique customized field, such as the user email and UPN (user principal name).

