- 05 Apr 2022
Defining SAML Single Sign-on in a CTERA Portal
- Updated on 05 Apr 2022
To configure SAML single sign-on:
- In the global administration view, select Settings in the navigation pane.
  The Control Panel page is displayed.
- Select SSO under USERS in the Control Panel page.
  The Single Sign On window is displayed.
- Select SAMLv2 from the drop-down box.
  Additional fields are displayed.
- Enter the details of the SAML identity provider and then click SAVE:
  - Entity ID/Issuer ID – The identity provider that issues the SAML assertion. This is a free text string that uniquely identifies your SAML identity provider and must match the entity ID that you choose when signing up for the identity provider's SSO service.
    - Okta – The Service Provider Entity Id value.
    - OneLogin – The SAML Audience value.
    - Microsoft ADFS – The Relying party trust identifier value (see Configuring Microsoft ADFS to Work with CTERA Portal). For example, ctera-adfs. The value must be exactly the same as the Relying party trust identifier value, and is case sensitive.
    - Microsoft Azure Active Directory – The Azure AD Identifier from the fourth part of the SAML-based Sign-on blade, when configuring Microsoft Azure Active Directory to work with CTERA Portal.
    - Swivel AuthControl Sentry – The entity ID that you choose when signing up for the Swivel AuthControl Sentry SAML Application, described in configuring Swivel AuthControl Sentry to work with CTERA Portal. The format is similar to the following example: https://172.23.9.35:8443/sentry/saml20endpoint
  - Sign-in page URL – The URL that CTERA Portal redirects to when signing in. You need to get this from the provider.
    - Okta – The EMBED LINK value.
    - OneLogin – The SAML 2.0 Endpoint (HTTP) value.
    - Microsoft ADFS – The ADFS server URL. For example, https://exampleAD.adfs.local/adfs/ls
    - Microsoft Azure Active Directory – The Login URL from the fourth part of the SAML-based Sign-on blade, when configuring Microsoft Azure Active Directory to work with CTERA Portal.
    - Swivel AuthControl Sentry – For example, https://172.23.9.35:8443/sentry/saml20endpoint
  - Log-out page URL – The URL that CTERA Portal redirects to when logging out of the portal. Without this URL configured, a logout will redirect to the sign-in page URL and log the user back into the portal.
    - Okta – Either the default Okta sign-out page is used or a customized sign-out page defined in Okta.
    - OneLogin – The SAML Single Logout URL value. This is optional.
    - Microsoft ADFS – The logout URL. This is the same as the Sign-in Page URL.
    - Microsoft Azure Active Directory – The Logout URL from the fourth part of the SAML-based Sign-on blade, when configuring Microsoft Azure Active Directory to work with CTERA Portal.
    - Swivel AuthControl Sentry – The redirect URL.
  - Identity Provider Certificate – The authentication certificate issued by the provider. You need to get this from the provider, usually by download from the provider's site. .pem and .cer certificates are valid. Click Upload to upload your provider's certificate to the portal.
    - Okta – Either the default Okta sign-out page is used or a customized sign-out page defined in Okta.
    - OneLogin – The X.509 PEM certificate downloaded from OneLogin.
    - Microsoft ADFS – The Token-signing certificate from the ADFS .cer certificates saved to a file. This certificate must be a known root CA and not a self-signed certificate.
    - Microsoft Azure Active Directory – The Certificate (Base64) that you downloaded from the third part of the SAML-based Sign-on blade, when configuring Microsoft Azure Active Directory to work with CTERA Portal.
    - Swivel AuthControl Sentry – The authentication certificate for SSO that you saved when configuring Swivel AuthControl Sentry to work with CTERA Portal.
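
A pre-upload check for the Identity Provider Certificate field, as an added example that is not CTERA's code: it accepts the .pem or .cer file in either PEM or DER encoding and flags a certificate whose issuer equals its subject, which is the self-signed case the Microsoft ADFS entry rules out. It does not verify that the issuer is a known root CA. The function names and the sample bytes are assumptions made for this example.

```python
import base64, re

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) for the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def load_certificate(data):
    """Accept a .pem or .cer upload (PEM text or raw DER); return DER bytes."""
    if b"PRIVATE KEY" in data:
        raise ValueError("file holds a private key, not a certificate")
    m = re.search(rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", data, re.S)
    der = base64.b64decode(m.group(1)) if m else data
    if der[:1] != b"\x30":
        raise ValueError("not an X.509 certificate")
    return der

def is_self_issued(der):
    """Heuristic for self-signed: issuer and subject are byte-identical."""
    _, pos, _ = read_tlv(der, 0)      # Certificate
    _, pos, end = read_tlv(der, pos)  # tbsCertificate
    fields = []
    while pos < end:
        tag, _, stop = read_tlv(der, pos)
        if tag != 0xA0:               # skip the optional [0] version
            fields.append(der[pos:stop])
        pos = stop
    return fields[2] == fields[4]     # serial, sigAlg, issuer, validity, subject

def check_upload(data, adfs=False):
    """Return 'ok' or the reason the file should not be uploaded."""
    try:
        if is_self_issued(load_certificate(data)) and adfs:
            return "rejected: self-issued, ADFS needs a CA-issued certificate"
    except (ValueError, IndexError) as exc:
        return f"rejected: {exc}"
    return "ok"

def tlv(tag, body):  # DER encoder for the constructed sample, short lengths only
    return bytes([tag, len(body)]) + body
def sample_cert(issuer, subject):
    """Constructed DER skeleton with only the fields read above, not a real certificate."""
    name = lambda cn: tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, b"\x55\x04\x03") + tlv(0x0C, cn))))
    tbs = tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + tlv(0x30, b"") + name(issuer) + tlv(0x30, b"") + name(subject)
    return tlv(0x30, tlv(0x30, tbs) + tlv(0x30, b"") + tlv(0x03, b"\x00"))
```

Call `check_upload(open("idp.cer", "rb").read(), adfs=True)` on the file downloaded from the provider before clicking Upload; `idp.cer` is a placeholder file name.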