Help pages provide context-sensitive help information related to this feature.
Identity Management
Use this tab to register an application if you are using Identity Provider (IdP)/Service Provider (SP) single sign-on. Single sign-on with an IdP/SP is available for the Web Console and for the CommCell. For more information, see Single Sign-On for the Web Console and Multi-CommCell Single Sign-On (SSO) Overview.
The following information is displayed:
- Application Type
  The type of application used for external authentication.
- Application name
  The user-defined name of the application.
- Application key
  The application key assigned to the application.
- Enabled
  If the check box is selected, the application is enabled. If the check box is cleared, the application is disabled.
- Description
  The user-defined description of the application.
Add
Click to add a new application. For information on the dialog box used to add new applications, see Add/Edit/View Application info.
View
Click to view the application and the application key, token, and secret associated with it.
Edit
Click to edit an application. For information on the dialog box used to edit applications, see Add/Edit/View Application info.
The application token and application secret cannot be manually edited. For information on creating a new application token and application secret, see Renew.
Renew (Available when Application Type equals Regular)
Click to create a new application token and application secret for the application.
Delete
Click to delete the application and the application key, token, and secret associated with it.
Add/Edit/View Application Info (General)
Use these dialog boxes to add an application or to edit or view application information. These dialog boxes open when Add, View, or Edit is clicked from the Identity Management dialog box. For information on the Identity Management dialog box, see Identity Management.
Register New Identity Provider (Available when Application Type equals CommCell)
- XML File Path
  The path to the IdP certificate that was exported as an XML file when the IdP metadata was created.
- Redirect URL
  The URL for the Web Console that acts as the IdP. The redirect URL is automatically populated with the URL from the IdP certificate.
- Enter User Name and Press Tab for IDP Redirection
  Users and user groups select from a list of CommCell IdPs when they log on. To select the users and user groups this applies to, click the Association tab.
Application Info
- Display Name (Available when Application Type equals CommCell)
  The name of the application. The name is automatically populated with the name from the IdP certificate.
- Application name
  The user-defined name of the application.
- Application key (Not available in the "Add" dialog box)
  The application key assigned to the application.
- SP Initiated Link (Available when Application Type equals SAML. Not available in the "Add" dialog box)
  The complete URL for the service provider initiated flow. For information on creating URLs for SAML interactions, see Creating URLs for SAML Interactions.
- Enabled
  If the check box is selected, the application is enabled. If the check box is cleared, the application is disabled.
- Description
  The user-defined description of the application.
Add/Edit/View Application Info
Third Party (Edit and View)
The information in this tab is read-only. To generate a new application token and application secret, use the Renew button in the Identity Management dialog box.
Application token
The application token assigned to the application.
Application secret
The application secret assigned to the application.
SAML
Use this tab to add provider metadata for use with SAML authentication. This tab is available when Add > SAML is selected.
Enter User Name and Press Tab for IDP Redirection
Users and user groups select from a list of SAML IdPs when they log on. To select the users and user groups this applies to, click the Association tab. If the Enter User Name and Press Tab for IDP Redirection check box and the Auto Redirect to IDP check box are both selected, the following behavior occurs:
- When users access the URL defined in the Entity ID > Web Console box, the Auto Redirect to IDP option takes precedence.
- If users access a URL other than the URL defined in the Entity ID > Web Console box (such as an alias for the Web Console URL), the Enter User Name and Press Tab for IDP Redirection option takes precedence.
Auto Redirect to IDP
Users are automatically redirected to the Identity Provider (IdP) when they access the URL defined in the Entity ID > Web Console box. If the Auto Redirect to IDP check box and the Enter User Name and Press Tab for IDP Redirection check box are both selected, the following behavior occurs:
- When users access the URL defined in the Entity ID > Web Console box, the Auto Redirect to IDP option takes precedence.
- If users access a URL other than the URL defined in the Entity ID > Web Console box (such as an alias for the Web Console URL), the Enter User Name and Press Tab for IDP Redirection option takes precedence.
Upload IDP Metadata
- File Path
  The location and file name of the XML file that contains the Identity Provider (IdP) metadata.
- Entity ID
  A unique ID for the Identity Provider (IdP). This information is uploaded from the IdP metadata file.
- Redirect Url
  The URL the Service Provider (SP) uses to send the initial SAML authentication request to the Identity Provider (IdP). The request information is encoded and sent as part of the URL. This information is uploaded from the IdP metadata file.
- Logout Url
  The URL users are redirected to when they log off. This information is uploaded from the IdP metadata file.
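The Entity ID, Redirect Url, and Logout Url values are taken from the IdP metadata file, so it is worth reviewing that file before uploading it. The following Python sketch is an added example, not part of the product or its documentation: it reads the three values from a standard SAML 2.0 metadata document and flags missing fields, non-HTTPS endpoints, and a missing signing certificate. The function names and the sample metadata are hypothetical, and reading the logout URL from the HTTP-Redirect `SingleLogoutService` entry is an assumption; how the product itself parses the file is not described on this page.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
NS = {"md": MD}

# Constructed sample; idp.example.test and the certificate text are placeholders.
SAMPLE = f"""<md:EntityDescriptor xmlns:md="{MD}" xmlns:ds="{DS}"
    entityID="https://idp.example.test/saml">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>PLACEHOLDER</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleLogoutService Binding="{REDIRECT}" Location="http://idp.example.test/slo"/>
    <md:SingleSignOnService Binding="{REDIRECT}" Location="https://idp.example.test/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>""".encode()

def _redirect_location(idp, tag):
    """Location of the first HTTP-Redirect endpoint named `tag`, or None."""
    for el in idp.findall(f"md:{tag}", NS):
        if el.get("Binding") == REDIRECT:
            return el.get("Location")
    return None

def review_idp_metadata(xml_bytes):
    """Return (fields, problems) for an IdP metadata file before it is uploaded."""
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("DTD or entity declarations do not belong in SAML metadata")
    root = ET.fromstring(xml_bytes)
    idp = root.find("md:IDPSSODescriptor", NS)
    if root.tag != f"{{{MD}}}EntityDescriptor" or idp is None:
        raise ValueError("expected one EntityDescriptor with an IDPSSODescriptor")
    fields = {"entity_id": root.get("entityID"),
              "redirect_url": _redirect_location(idp, "SingleSignOnService"),
              "logout_url": _redirect_location(idp, "SingleLogoutService")}
    problems = [f"{name} is missing" for name, value in fields.items() if not value]
    for name in ("redirect_url", "logout_url"):
        if fields[name] and urlsplit(fields[name]).scheme != "https":
            problems.append(f"{name} is not HTTPS")
    # A KeyDescriptor without "use" serves both signing and encryption.
    signing = [kd for kd in idp.findall("md:KeyDescriptor", NS)
               if kd.get("use") in (None, "signing")]
    if not any((c.text or "").strip() for kd in signing
               for c in kd.iter(f"{{{DS}}}X509Certificate")):
        problems.append("no signing certificate")
    return fields, problems
```

Calling `review_idp_metadata(SAMPLE)` reports the plain-HTTP logout endpoint in the constructed sample; a file containing a DTD is rejected before it is parsed.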
Reuse\Generate SP metadata
- Use submitted metadata
  This option is available if Service Provider (SP) metadata exists. Select this option to keep the existing SP metadata when you update the Identity Provider (IdP) metadata.
- Generate new metadata
  Select this option to generate Service Provider (SP) metadata or to replace existing SP metadata.
- Keystore File Path
  The location and file name of the key store file.
- Alias Name
  The alias name used in the key store file.
- Key Store Password
  The key store password used for the key store file.
- Key Password
  The key password used in the key store file.
- Metadata Save Location
  The location and file name for the Service Provider (SP) metadata XML file. The XML is created once OK is clicked.
Entity ID
- Web Console
  The Web Console to use with SAML authentication.
Get SP Metadata
Click to save the SP metadata XML file to a new location. The SP metadata XML file was created when the provider metadata was configured. For information on creating provider metadata, see Configuring Provider Metadata for SAML Integration.
Add/Edit/View Application Info (Association)
For CommCell applications: Select users and user groups who can choose from a list of CommCell IdPs when they log on.
For SAML applications: Select users and user groups who can choose from a list of SAML IdPs when they log on.
Local Identity Management
Enable
Select to have the CommCell act as the Identity Provider (IdP). The IdP CommCell stores and serves user identity metadata and generates Security Assertion Markup Language (SAML) tokens to authenticate users.
- Export
  When the CommCell is the IdP, you can click Export to save the IdP metadata as an XML file.
- Renew
  When the CommCell is the IdP, you can click Renew to renew the certificate.
- This commcell can issue SAML tokens for users belonging to this section.
  Select the users and user groups for whom SAML tokens can be issued.
- Redirect URL
  The Web Console through which the user accesses the IdP CommCell. For example, when you access an SP Web Console and you are not logged on, you are redirected to the Web Console defined here.
- Webservice URL
  The URL for the Web service.
View certificate
Certificate Data
The encoded Service Provider (SP) certificate.