Difference between revisions of "Single Sign On Profiles"
Jump to navigation
Jump to search
| (4 intermediate revisions by 2 users not shown) | |||
| Line 1: | Line 1: | ||
| + | This document can now be found at its new location in the [https://docs.hornbill.com/esp-config/security/sso/single-sign-on/ Hornbill Document Library]. | ||
| + | |||
| + | [[file:hornbill-document-library.png|Hornbill Cloud|link=https://docs.hornbill.com/esp-config/security/sso/single-sign-on/]] | ||
| + | <!-- | ||
<div style="border:1px solid #90C0FF; background:#D0E0FF; width:99%; padding:4px; margin-bottom:10px;"> | <div style="border:1px solid #90C0FF; background:#D0E0FF; width:99%; padding:4px; margin-bottom:10px;"> | ||
__NOTOC__[[Main Page|Home]] > [[Administration]] > Single Sign On Profiles | __NOTOC__[[Main Page|Home]] > [[Administration]] > Single Sign On Profiles | ||
| Line 34: | Line 38: | ||
<br> | <br> | ||
<br> | <br> | ||
| − | [[File:Upload_IDP_Meta_Data.PNG|400px|thumb|<div align="center">'''Clicking the | + | [[File:Upload_IDP_Meta_Data.PNG|400px|thumb|<div align="center">'''Clicking the "Import IDP Meta Data" button will prompt you to upload your IDP meta data'''</div>]] |
===Uploading Your IdP Meta Data into the Hornbill SSO Profile=== | ===Uploading Your IdP Meta Data into the Hornbill SSO Profile=== | ||
| Line 48: | Line 52: | ||
:* '''XML''' - If your IdP is not able to present it's certificate meta data via a URL, the file containing this should be opened in a text editor (e.g. Notepad ++) and copy and paste the contents into the "XML" field and then click "Process". If you IdP has produced separate meta data files for each of the Hornbill Service URL's, repeat this step as many times as required. | :* '''XML''' - If your IdP is not able to present it's certificate meta data via a URL, the file containing this should be opened in a text editor (e.g. Notepad ++) and copy and paste the contents into the "XML" field and then click "Process". If you IdP has produced separate meta data files for each of the Hornbill Service URL's, repeat this step as many times as required. | ||
<br> | <br> | ||
| − | + | '''NOTE:''' If the configuration in your Identify Provider results in separate certificate metadata for each of the Hornbill service URLs, either of the steps above can be repeated multiple times. Each time some certificate metadata is processed, the new certificate will be appended into the SSO Profile. Existing certificate metadata is never overwritten. | |
===Review and Set the Profile Details=== | ===Review and Set the Profile Details=== | ||
| Line 58: | Line 62: | ||
:* '''Type''' - This is the secure protocol used in the SSO authentication mechanism. Only SAML 2.0 is used and supported by Hornbill. | :* '''Type''' - This is the secure protocol used in the SSO authentication mechanism. Only SAML 2.0 is used and supported by Hornbill. | ||
:* '''Name Id''' - If the NameID provided by the idP matches the account ID on Hornbill then this should be left blank. If however, the name ID from the idP is opaque (either static or transient) then you can use this parameter to tell Hornbill to override the NameID with a value from one of the SAML assertions attributes. This way the idP can provide a value that matches the account ID on hornbill for the user and Hornbill will use that to identify the user being authenticated | :* '''Name Id''' - If the NameID provided by the idP matches the account ID on Hornbill then this should be left blank. If however, the name ID from the idP is opaque (either static or transient) then you can use this parameter to tell Hornbill to override the NameID with a value from one of the SAML assertions attributes. This way the idP can provide a value that matches the account ID on hornbill for the user and Hornbill will use that to identify the user being authenticated | ||
| + | [[File:EnablingSSOProfiles.PNG|400px|thumb|<div align="center">'''A SSO Profile can be enabled/disabled via the toggle switch available in the SSO profile (shown above) or via the list of SSO profiles'''</div>]] | ||
| + | <br> | ||
| + | ===Enabling an SSO Profile=== | ||
| + | Once you have confgiured the SSO profile, you can easily enable or disable the profile using the toggle switch available within the SSO Profile or located in the list of SSO Profiles. | ||
| + | <br> | ||
| + | <br> | ||
| + | <br> | ||
<br> | <br> | ||
| Line 159: | Line 170: | ||
[[Category:Administration]] | [[Category:Administration]] | ||
| + | --> | ||
| + | [[Category:HDOC]] | ||
Latest revision as of 20:12, 11 April 2024
This document can now be found at its new location in the Hornbill Document Library.
