| Panel | |
|---|---|
|
Overview
...
A list of administrator accounts and local account with fewer privileges can be defined on the UDMG Server database. They can login with the local authentication provider that is enabled for any service; therefore, these accounts will always be accessible for cases where, for example, Single Sign-On Settings are incorrectly configured or the Identity Provider is inaccessible.
Example Configuration:
Assuming the following service configuration on the UDMG Authentication Proxy, the below sections describe how to add the saml provider as option for user authentication.
| Code Block | ||
|---|---|---|
| ||
[service.sso] protocol = "http" policy = "failover" [service.sso.credential] username = "user" password = "password" [[service.sso.targets]] hostname = "udmg.stonebranch.com:" port = 10808 |
...
Example with Okta App Integration
Before you begin
The Single sign on URL (SAML Post URL location, or callback URL) must be determined.
It will be in the form https://<FQDN>:<PORT>/service/auth/sso/saml/callback, where FQDN and PORT are the name and port for the host where the UDMG Authentication Proxy and NGINX server are installed.
For example https://udmg.stonebranch.com:8080/service/auth/sso/saml/callback.
SAML integration on Okta
To configure the SAML integration on Okta, follow these steps:
- Sign in to your Okta tenant as an administrator.
- In the Admin Console, navigate to Applications > Applications.
- .Click Create App Integration
- In the Create a new app integration dialog, choose SAML 2.0 and click Next..
- Enter an App name such as UDMG SSO and click Next:
In Configure SAML step, in the SAML Settings section, enter value for
Single sign on URL
- Keep the other default setting and click Next.
...
- Review the configuration for Sign On Settings
- Follow the View SAML setup instructions link.
- From this view, keep the Identity Provider Single Sing-On URL for later and download the X.509 Certificate.
...