Configure InCommon for SSO in your Code42 environment
Who is this article for?
Instructor, no.
Incydr Professional, Enterprise, Gov F2, and Horizon, yes.
Incydr Basic, Advanced, and Gov F1, yes.
CrashPlan Cloud, yes.
Retired product plans, yes.
CrashPlan for Small Business, no.
Overview
This tutorial explains how to configure your Code42 cloud environment to use single sign-on (SSO) with the InCommon identity federation. If you have an on-premises Code42 environment, see this article instead.
This article assumes you are already familiar with SSO and the SAML standard. For more information about how the Code42 platform implements SSO, see our Introduction to single sign-on.
Compatible Code42 platform components
Compatible With SSO
- Code42 app for Windows, Mac, and Linux
- Code42 console
Incompatible With SSO
- Code42 apps for iOS, Android, and Windows Phone
Considerations
External authentication systems
Our Customer Champions can assist with authentication issues caused by interaction with Code42 products. However, troubleshooting authentication issues outside your Code42 environment is beyond the scope of our Customer Champions. For assistance with external authentication systems, contact your authentication vendor.
- To use this functionality, you must be assigned the Identity Management Administrator role.
- Code42 usernames must match SSO usernames. How you accomplish this depends on how you deploy Code42 apps.
- Code42 supports service provider-initiated SSO but does not support identity provider-initiated SSO. Therefore, users cannot sign in to your Code42 environment from the identity provider's website or application, but instead must log in using a browser bookmark.
- SSO provides user authentication but does not provide user management. Set up SCIM provisioning or use the Code42 console to manage users.
- Code42 does not support Single Logout (SLO). Users must sign out of the identity provider to end their single sign-on session.
- The Code42 console expects SAML assertions to be signed. To configure Code42 to support advanced SAML request configurations, see Set SAML attributes for SSO.
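A structural pre-check for the signed-assertion requirement above, as an added example (not Code42's code): it reports whether each assertion in a captured SAML response carries its own signature, as opposed to a response where only the envelope is signed. The sample responses, IDs and function names are constructed, and no cryptographic verification is performed.

```python
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"ds": "http://www.w3.org/2000/09/xmldsig#"}

def assertion_signature_report(response_xml):
    """For each Assertion in a captured SAML response, report whether it has
    its own ds:Signature and whether that signature's Reference URI names the
    Assertion's ID. Structure only; the signature value is not verified."""
    root = ET.fromstring(response_xml)  # run on your own captures, not untrusted input
    report = []
    for assertion in root.iter("{%s}Assertion" % SAML):
        a_id = assertion.get("ID")
        sig = assertion.find("ds:Signature", NS)  # direct child = enveloped signature
        ref = sig.find("ds:SignedInfo/ds:Reference", NS) if sig is not None else None
        uri = ref.get("URI") if ref is not None else None
        report.append({
            "assertion_id": a_id,
            "signed": sig is not None,
            "reference_ok": bool(a_id) and uri == "#" + str(a_id),
        })
    return report

def _sig(target_id):
    # Constructed signature skeleton; the value is a placeholder, not real.
    return ('<ds:Signature><ds:SignedInfo><ds:Reference URI="#%s"/></ds:SignedInfo>'
            '<ds:SignatureValue>CONSTRUCTED</ds:SignatureValue></ds:Signature>' % target_id)

def _response(assertion_sig, response_sig=""):
    # Constructed sample, trimmed to the elements this check looks at.
    return (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="%s" xmlns:ds="%s" ID="_r1">%s'
        '<saml:Assertion ID="_a1"><saml:Issuer>https://idp.example.edu/idp</saml:Issuer>'
        '%s<saml:Subject><saml:NameID>testuser@example.edu</saml:NameID></saml:Subject>'
        '</saml:Assertion></samlp:Response>' % (SAML, NS["ds"], response_sig, assertion_sig)
    )

SIGNED_ASSERTION = _response(_sig("_a1"))
RESPONSE_ONLY = _response("", response_sig=_sig("_r1"))  # envelope signed, assertion not

if __name__ == "__main__":
    for label, xml in (("signed assertion", SIGNED_ASSERTION),
                       ("response-only signature", RESPONSE_ONLY)):
        print(label, assertion_signature_report(xml))
```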
Before you begin
Verify identity provider configuration
- Make sure the SSL certificate of your SSO identity provider has been signed by a trusted Certificate Authority (CA).
- Make sure you have administrative access to the identity provider or have contact with an identity provider administrator.
Verify network configuration
- Configure your private network, Internet, and VPN settings to allow client devices to communicate with your identity provider on port 443. Test client connectivity to the identity provider before you proceed.
- If you want to use URL-based metadata exchange to configure Code42 and the identity provider to work together, make sure two-way communication is available between them on TCP port 443. If two-way communication is not available or not allowed, you must download the identity provider's metadata file and make it accessible to Code42.
- Confirm the required ports with your identity provider to determine if custom ports are being used.
Determine whether you need to configure multiple Code42 tenants
Before you begin configuring SSO for Code42, consider whether your company has more than one Code42 tenant that you need to connect to your SSO identity provider. Large companies and organizations often have separate, dedicated Code42 cloud instances (or "tenants") in use by different groups or departments.
If you have more than one Code42 tenant to connect to your SSO identity provider, you need to obtain an entity ID URL for each Code42 tenant. An entity ID is a unique string that identifies a specific tenant to your SSO identity provider. The tenant-specific entity ID URL is composed of the Code42 domain followed by the tenant ID, and can be found in the Code42 service provider metadata URL file in each tenant. For example:
"entityId": "https://example.com/42424daa-424c-4e42-42c4-c424242420d4"
Step 1: Add authentication provider to Code42 console
- Sign in to the Code42 console.
- Navigate to Administration > Integrations > Identity Management.
- Click Add Authentication Provider.
- In Display Name, enter the federation name.
- In Provider's Metadata, ensure that Enter URL is selected and paste the URL. For the InCommon federation, use the IdP-only aggregate: https://mdq.incommon.org/entities/idps/all
Use metadata URL for federations
Code42 cloud environments do not support uploading an XML file for federations. Use the metadata URL to configure the federation instead.
Custom domains are not supported
When entering the URL for the XML metadata file, custom domains are not supported. You must use the standard domain of your identity provider.
- Click Create Provider.
Code42 automatically detects that the provider's metadata URL belongs to a federation, and details for the federation appear.
Step 2: Add identity provider
- From federation settings, click Add an identity provider to this federation.
- Select a provider from the list.
Begin typing to search the list.
- Enter a display name for the provider to display to users who sign in.
If your Code42 environment provides more than one SSO identity provider, users see a list of providers to choose from.
- Click Add Identity Provider.
The provider appears under the federation.
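Before picking a provider from the federation list, it can help to review what the aggregate publishes for your IdP. This added example (not Code42's or InCommon's code) parses a constructed federation aggregate and reports each IdP's entityID, display name, HTTPS sign-on endpoints, and whether a signing key is published; the sample entities and the function name are hypothetical.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "mdui": "urn:oasis:names:tc:SAML:metadata:ui"}

def list_idps(aggregate_xml):
    """Summarise every identity provider found in a SAML metadata aggregate
    (or in a single EntityDescriptor document)."""
    root = ET.fromstring(aggregate_xml)
    idps = []
    for entity in root.iter("{%s}EntityDescriptor" % NS["md"]):
        idp = entity.find("md:IDPSSODescriptor", NS)
        if idp is None:
            continue  # entity has no IdP role
        name = idp.findtext("md:Extensions/mdui:UIInfo/mdui:DisplayName", default="", namespaces=NS)
        sso = [s.get("Location") for s in idp.findall("md:SingleSignOnService", NS)]
        # A KeyDescriptor without a "use" attribute covers signing and encryption.
        signing = any(k.get("use") in (None, "signing") for k in idp.findall("md:KeyDescriptor", NS))
        idps.append({
            "entity_id": entity.get("entityID"),
            "display_name": name,
            "https_sso": [u for u in sso if u and u.startswith("https://")],
            "has_signing_key": signing,
        })
    return idps

# Constructed sample: key material omitted, second IdP is deliberately incomplete.
SAMPLE = """<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui">
  <md:EntityDescriptor entityID="https://idp.example.edu/idp/shibboleth">
    <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:Extensions><mdui:UIInfo><mdui:DisplayName xml:lang="en">Example University</mdui:DisplayName></mdui:UIInfo></md:Extensions>
      <md:KeyDescriptor use="signing"/>
      <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://idp.example.edu/idp/profile/SAML2/Redirect/SSO"/>
    </md:IDPSSODescriptor>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://login.example.org/idp">
    <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:KeyDescriptor use="encryption"/>
      <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="http://login.example.org/sso"/>
    </md:IDPSSODescriptor>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>"""

if __name__ == "__main__":
    for idp in list_idps(SAMPLE):
        print(idp)
```

An entry with no HTTPS sign-on endpoint or no signing key is worth raising with the identity provider administrator before you continue, since the Code42 console expects signed assertions.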
Step 3: Prepare InCommon
Submit the Code42 Service Provider Metadata URL to the identity federation.
Step 4: Test SSO authentication
To avoid impacting your production environment, use a test organization to verify that SSO is working properly.
- Create a test user in your identity provider.
- Sign in to the Code42 console.
- Create a test organization.
- Create a user in the test organization who matches the identity provider test user.
- Configure the test organization to use SSO:
- Navigate to Administration > Integrations > Identity Management.
- Select the authentication provider.
- Click Edit next to Organizations in use.
- Select the test organization.
Note that you can also use an organization's settings to select an authentication provider to use for SSO.
- Click Save.
- In the upper-right of the Code42 console, select Account > Sign Out.
- Sign back in to the Code42 console as the test user to verify that SSO is working.
Step 5: Configure organizations to use SSO
- Sign in to the Code42 console.
- Navigate to Administration > Integrations > Identity Management.
- Select the authentication provider.
- Click Edit next to Organizations in use.
- Select organizations to use the authentication provider for SSO.
If applicable, select the Inherits settings to identify whether an organization inherits the setting from its parent organization. To enable SSO for all organizations, select the top-most organization. (Note that you can also use an organization's settings to select an authentication provider to use for SSO.)
- Click Save.
Step 6: Add new users who sign in with SSO
Option A: Add users in the Code42 console
Use the Code42 console to add users to an organization that uses SSO.
- Verify that the users in the organization exist in the SSO identity provider used by the organization.
- Make sure that the Code42 environment usernames match the SSO usernames.
Option B: Deploy the Code42 app
Distribute the Code42 app to new users.
- Incydr Professional, Enterprise, and Horizon
New user accounts created with SSO registration are created automatically in Code42.
- Incydr Basic and Advanced
- New user accounts created with silent SSO registration are created automatically in Code42.
- New user accounts created with manual registration require new users to register in the Code42 environment. Users choose Sign up for an account when they open the Code42 app and they create an account using their SSO credentials. (The Code42 app username must match the SSO username.)
What to expect
Reduced authentication prompts
When users sign in with SSO, they do not need to re-enter credentials for subsequent authentication attempts until the SAML authentication token expires. A SAML token applies to an application rather than a device, which means that a user might need to enter credentials again when signing into a different app.
For example, the single sign-in process differs whether users sign in to the Code42 console or the Code42 app:
- Code42 console: When users sign in to the Code42 console, they are redirected in the web browser to sign in to their SSO identity provider. As soon as they sign in to their identity provider, the Code42 console launches.
- Code42 app (Incydr Basic and Advanced only): When users sign in to the Code42 app, the following message appears: "To complete the sign in process, go to your web browser. This screen updates automatically once login is successful." A web browser window is automatically opened so they can complete the sign-in process in their SSO identity provider. As soon as they sign in to their SSO identity provider in the provided web browser window, the Code42 app launches.
Losing access to an identity provider
Incydr Basic and Advanced only
If a user loses access to the identity provider, the Code42 app continues to back up, uninterrupted.
External resources
- Wikipedia:
- InCommon: Information for InCommon Site Administrators
Source: https://support.code42.com/Incydr/Admin/Configuring/Identity_management/Configure_InCommon_for_SSO_in_your_Code42_environment