Before enabling Single Sign-On, you need to secure Address Manager with an SSL certificate. Obtain this certificate from the IdP then upload it to Address Manager.
- In Address Manager, select the Administration tab.
- Under User Management, click Secure Access.
-
Under General, complete the following:
- Select Server—by default, this is the IP address of a standalone Address Manager server. If running Address Manager in replication, use the drop-down menu to select the IP address of Primary or Standby Address Manager servers.
- HTTP—from the drop-down menu, select either
Enable, Disable, or
Redirect to HTTPS.Note: Selecting Redirect to HTTPS will redirect users to HTTPS if they attempt to access Address Manager using HTTP. You must have HTTPS enabled to use Redirect to HTTPS.
- If the Address Manager domain name is configured to resolve to an IPv6 address, enabling Redirect to HTTPS will redirect the domain name in the URL to an IPv6 address, resulting in an unknown certificate warning in your browser. For more information, refer to knowledge base article 5978 on BlueCat Customer Care.
- HTTPS—from the drop-down menu, select Enable.
- Under Server Certificate Settings, select Custom > Load Custom Certificate.
-
Under Upload Certificate, complete the following:
- Private Key—click Choose File to upload the private key.
- Select Use Password to provide security for the private key. Once selected, the Password field opens. Enter an alphanumeric password to secure your private key.
- Domain Signed Certificate—click Choose File to upload the CA certificate.
- Click Update. The Confirm Web Access Configuration opens.
- Under Confirm Configuration, verify your changes. Listed changes will include the IP address of the Address Manager server, HTTPS or HTTPS status (enable/disable), and certificate type.
- Click Yes. The Address Manager server will be temporarily unavailable as the changes are committed and the server restarts.