Configuring the IdP metadata and enabling the SSO connection - BlueCat Integrity - 26.1.0

Address Manager Administration Guide


Configure the IdP metadata in Address Manager. Before you begin, obtain the metadata XML file from your IdP.

Note: Completing the steps below will enable the SSO Enabled mode.
  1. Select the Settings tab in the sidebar.
  2. Under System security, select Authenticators.
  3. Select New > SAML identity provider.
  4. Under IdP Settings set the following parameters:
    1. Name (required): the name of the IdP configuration
    2. Description (optional): a brief description of the IdP configuration
    3. Email attribute name (required): the name of the attribute that carries the user's email address in the SAML response. The default value is http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress, which is the default email claim issued by the IdP server (ADFS).
    4. Group attribute name (required): the name of the attribute that carries the user's group membership in the SAML response. The default value is http://schemas.xmlsoap.org/claims/Group, which is the default group claim issued by the IdP server (ADFS).
      Important: The default email and group attribute names are for ADFS. The format and syntax of the email and group attribute names differ from one IdP to another, so confirm them with your IdP before saving.
    5. Enable SSO (required): The default value is Enable. Before enabling SSO, you must configure Address Manager as a service provider and create SSO groups. For more information, refer to Configuring Address Manager as a Service Provider and Creating SSO groups.
  5. On the IdP Metadata tab, drag and drop or select the XML metadata file.
    The IdP metadata populates in the Sign in URL, Single logout URL, and Entity ID fields.
    Note: Address Manager does not support SP-initiated single logout (SLO).
  6. On the Change control tab, enter a change control comment if required.
  7. Select Create or Create and add another.
    If you previously selected the checkbox for Enable SSO, SSO Enabled mode is now activated.
    Note: SSO Enabled mode
    In SSO Enabled mode, the following apply:
    • Users can log in to Address Manager using external authenticators such as LDAP, TACACS+, RADIUS, Microsoft Active Directory, and Kerberos.
    • Local users (GUI and API) can still log in to BAM.
    • The BAM login page has two login options:
      • SSO login
      • Local login
The next step is to test the SSO connection. You can remain on this page to test the connection.
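Before uploading the metadata file in step 5, or when a test login fails because the email or group attribute does not map, it helps to inspect the XML yourself. The script below is an added example and is not BlueCat code: it parses standard SAML 2.0 IdP metadata to recover the three values Address Manager populates (Entity ID, sign-in URL, single logout URL), refuses metadata whose endpoints are not HTTPS, and checks a captured assertion for the configured attribute names. The host idp.example.test, the sample metadata and the sample assertion are constructed placeholders.

```python
"""Pre-flight checks on SAML IdP metadata and assertion attributes (added example, not BlueCat code)."""
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Attribute names from the procedure (ADFS defaults); other IdPs use other names.
EMAIL_ATTR = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
GROUP_ATTR = "http://schemas.xmlsoap.org/claims/Group"

# Constructed sample IdP metadata; idp.example.test is a placeholder host.
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://idp.example.test/adfs/services/trust">
  <md:IDPSSODescriptor>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://idp.example.test/adfs/ls/"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://idp.example.test/adfs/ls/"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

# Constructed sample AttributeStatement as it might appear in an IdP response.
SAMPLE_ASSERTION = """<saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
    <saml:AttributeValue>alice@example.test</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="http://schemas.xmlsoap.org/claims/Group">
    <saml:AttributeValue>bam-admins</saml:AttributeValue></saml:Attribute>
</saml:AttributeStatement>"""

def parse_idp_metadata(xml_text):
    """Return the fields Address Manager fills from the file; reject non-IdP or non-HTTPS metadata."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if root.tag != "{%s}EntityDescriptor" % NS["md"] or idp is None:
        raise ValueError("not SAML IdP metadata (missing EntityDescriptor/IDPSSODescriptor)")
    urls = {}
    for tag in ("SingleSignOnService", "SingleLogoutService"):
        for svc in idp.findall("md:" + tag, NS):
            if not svc.get("Location", "").startswith("https://"):
                raise ValueError("%s endpoint is not HTTPS: %s" % (tag, svc.get("Location")))
            urls.setdefault(tag, svc.get("Location"))  # first endpoint of each kind
    return {"entity_id": root.get("entityID"),
            "sign_in_url": urls.get("SingleSignOnService"),
            "single_logout_url": urls.get("SingleLogoutService")}

def missing_attributes(assertion_xml, email_attr=EMAIL_ATTR, group_attr=GROUP_ATTR):
    """Configured attribute names absent from the assertion (empty list means both are present)."""
    root = ET.fromstring(assertion_xml)
    present = {a.get("Name") for a in root.iter("{%s}Attribute" % NS["saml"])}
    return [name for name in (email_attr, group_attr) if name not in present]
```

If missing_attributes reports a name, the IdP is issuing the claim under a different attribute name and the values in step 4 must be changed to match it.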