...

UDMG Authentication Proxy uses SAML Single Sign-On for authentication and User Provisioning. All user and group authorization must be configured within UDMG through Permission assignment.

Example Configuration:

[service.local]
protocol = "http"
policy = "failover"
admins = ["admin"]

[service.local.credential]
username = "user"
password = "password"

[[service.local.targets]]
hostname = "<fqdn>"
port = <port>

Example with Okta App Integration

Before you begin

...


The Single sign on URL (SAML Post URL location, or callback URL) must be determined.

It will be in the form https://<FQDN>:<PORT>/service/auth/sso/saml/callback, where FQDN and PORT are the name and port for the host where the UDMG Authentication Proxy and NGINX server are installed.

For example, https://udmg.stonebranch.com:8080/service/auth/sso/saml/callback.


SAML integration on Okta


To configure the SAML integration on Okta, follow these steps:

...

  • Enter an App name such as UDMG SSO and click Next:

  • In the Configure SAML step, in the SAML Settings section, enter the value for Single sign on URL (the callback URL determined above).


  • Keep the other default setting and click Next.

...

  • From this view, keep the Identity Provider Single Sign-On URL for later and download the X.509 Certificate.


SAML integration on UDMG

To configure the SAML integration on UDMG Authentication Proxy, follow these steps.

...

  • Add a file parameter with a filename, for example udmg-sso-okta.json
  • Create this configuration file in the same location as the UDMG Authentication Proxy configuration file:

{
    "entityIssuer": "udmg-sso",
    "ssoURL": "https://dev-39492773.okta.com/app/dev-39492773_udmgsso_1/exk9a2wo9rT8orbpj5d7/sso/saml",
    "ca": "/config/udmg-okta-sso.cert",
    "redirectURI": "https://udmg.stonebranch.com:8080/service/auth/sso/saml/callback",
    "insecureSkipSignatureValidation": true,
    "usernameAttr": "name",
    "emailAttr": "name",
    "groupsAttr": "groups"
}
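
As an added example (not part of the original page and not Stonebranch code), this Python check reviews an SSO configuration file like the one above before it is deployed. It assumes, from the key's name, that insecureSkipSignatureValidation set to true turns off verification of the IdP's signature against the certificate in ca; the function and constant names are hypothetical.

```python
import json
from urllib.parse import urlsplit

CALLBACK_PATH = "/service/auth/sso/saml/callback"  # callback path given on this page

# The example configuration from this page, embedded so the check runs offline.
PAGE_EXAMPLE = """{
    "entityIssuer": "udmg-sso",
    "ssoURL": "https://dev-39492773.okta.com/app/dev-39492773_udmgsso_1/exk9a2wo9rT8orbpj5d7/sso/saml",
    "ca": "/config/udmg-okta-sso.cert",
    "redirectURI": "https://udmg.stonebranch.com:8080/service/auth/sso/saml/callback",
    "insecureSkipSignatureValidation": true,
    "usernameAttr": "name",
    "emailAttr": "name",
    "groupsAttr": "groups"
}"""


def audit_sso_config(text):
    """Return a list of findings for an SSO JSON file (empty list means clean)."""
    cfg = json.loads(text)
    findings = []
    # Assumption from the key name: true disables IdP signature verification,
    # leaving the certificate in "ca" unused for checking SAML responses.
    if cfg.get("insecureSkipSignatureValidation") is True:
        findings.append("insecureSkipSignatureValidation is true")
    if not cfg.get("ca"):
        findings.append("ca (IdP X.509 certificate path) is not set")
    # Both the IdP SSO URL and the callback must be absolute https URLs.
    for key in ("ssoURL", "redirectURI"):
        url = urlsplit(str(cfg.get(key) or ""))
        if url.scheme != "https" or not url.hostname:
            findings.append(f"{key} is not an absolute https URL")
    # The callback must use the path registered as Single sign on URL in Okta.
    if urlsplit(str(cfg.get("redirectURI") or "")).path != CALLBACK_PATH:
        findings.append(f"redirectURI path is not {CALLBACK_PATH}")
    # Attribute mappings drive user provisioning; none may be blank.
    for key in ("entityIssuer", "usernameAttr", "emailAttr", "groupsAttr"):
        if not cfg.get(key):
            findings.append(f"{key} is empty or missing")
    return findings


if __name__ == "__main__":
    for finding in audit_sso_config(PAGE_EXAMPLE):
        print("FINDING:", finding)
```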

...