This section provides step-by-step instructions explaining how to set up SSO in Address Manager.
Before you Begin
To enable SSO, you need the following:
- Address Manager v9.2.0 or greater
- Open port 443 in Address Manager and the IdP
- Address Manager can access the IdP either on premises or cloudImportant: Enabling SSO in Address Manager impacts users, user groups, external auhenticators, and API access. BlueCat strongly recommends using a Test Environment with mock users, user groups, and external authenticators to test and validate SSO behaviour. In addition, you should also perform a database backup before enabling SSO.
What you need from Address Manager to set up your Single Sign-On connection
To set up the SSO connection, you need the following from Address Manager:
- Address Manager domain name
- Public/private key of the HTTPS server or PKCS archive file
What Address Manager needs from your IdP
To set up the SSO connection, you need the following from your IdP:
- Name ID format
- Email attribute name
- Group attribute name
- Metadata file (XML) or metadata URL containing all of the above information. For more information, refer to your IdP's documentation on how to download the metadata file.
What your IdP needs from Address Manager
To set up the SSO connection, your IdP needs the following from Address Manager:
- Entity ID or Audience URI
- Consume URL, Callback URL, Post-back URL, or Assertion Consumer URLNote: The names of Entity ID and Consume URL will vary by IdP; additional SAML assertions might also be necessary.