
Dell PowerFlex 4.5.x Administration Guide

Add an identity provider

Add an SSO Identity Provider (IdP) for PowerFlex Manager to allow users to take advantage of single sign-on (SSO) capabilities through other applications.

About this task

Perform the following procedure to add an identity provider:

Prerequisites

Before adding an identity provider, you must log on with an account that has the SecurityAdmin role. You must also upload the identity provider root CA certificate for Active Directory Federation Services (ADFS). Ensure that you have access to ADFS before you begin this procedure.

Steps

  1. On the menu bar, click Settings.
  2. In the left pane, click User Management, then in the right pane, click SSO Identity Provider (IdP) Configuration.
  3. Click Add.
  4. On the Name page, provide a name for the identity provider and click Next.
  5. On the Service Provider page, download the service provider metadata for PowerFlex and configure the PowerFlex service provider within your identity provider.
    1. To download the metadata as a file, select Download File and click Download SP Metadata (XML).
    2. To copy the metadata, click Manual Copy and click Copy for each piece of metadata.
    3. Configure PowerFlex as a service provider within your identity provider.

      In the ADFS user interface, perform these steps:

      1. Log in to ADFS.
      2. Go to the Relying Party Trusts folder under ADFS.
      3. Click Add Relying Party Trust... under Actions.
      4. On the Welcome screen, select Claims aware and click Start.
      5. On the Select Data Source screen, select Import data about the relying party from a file.
      6. In the Federation metadata file location field, specify the location of the downloaded service provider metadata file and click Next.
        NOTE: If you copied the metadata instead of downloading the file, select Enter data about the relying party manually and input the copied metadata.
      7. On the Specify Display Name screen, enter the name that you would like to use for the service provider and click Next.
      8. On the Choose Access Control Policy screen, choose a policy and click Next.
      9. On the Ready to Add Trust screen, click Next.
      10. On the Finish screen, select Configure claims issuance policy for this application and click Close.
      11. On the Relying Party Trusts screen, select the display name for the newly created service provider, and click Edit Claim Issuance Policy... under Actions.
      12. Click Add Rule... to add the following LDAP attribute rule:
        • For the Claim rule template, select Send LDAP Attributes as Claims.
        • For the Claim rule name, type LDAP attributes.
        • For the Attribute store, select Active Directory.
        • For the Mapping of LDAP attributes to outgoing claim types, select the following attributes:
          LDAP attribute     | Outgoing claim type
          -------------------|--------------------
          E-Mail-Addresses   | E-Mail Address
          SAM-Account-Name   | Name ID
          Surname            | Surname
          Given-Name         | Given Name
        • Click Finish.
      13. Click Add Rule... to add the following custom rule:
        • For the Claim rule template, select Send Claims Using a Custom Rule.
        • For the Claim rule name, type Get groups.
        • For the Custom rule, paste in the following string:
          c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]  => add(store = "Active Directory", types = ("http://schemas.xmlsoap.org/claims/Group"), query = ";tokenGroups;{0}", param = c.Value);
        • Click Finish.
      14. Click Add Rule... to add another custom rule:
        • For the Claim rule template, select Send Claims Using a Custom Rule.
        • For the Claim rule name, type Claim of groups membership.
        • For the Custom rule, paste in the following string:
          c:[Type == "http://schemas.xmlsoap.org/claims/Group"]  => issue(Type = "Group", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType);
        • Click Finish.
      15. Click OK.
    4. Return to PowerFlex Manager and click I have configured PowerFlex as a SP in my IdP using the metadata above on the Service Provider page of the Add Identity Provider (IdP) wizard.
    5. Click Next.
  6. On the IdP Setup page, upload the identity provider metadata so that PowerFlex can establish a connection to the identity provider.
    1. To upload the metadata as a file, select Upload File and specify the file location.
    2. To retrieve the metadata from a URL, select URL and specify the following URL: https://hostname/FederationMetadata/2007-06/FederationMetadata.xml

      The URL is always the same, except for the hostname, which you must specify for your environment.

    3. Click Next.
  7. On the Settings page, review the attribute mappings that are imported from the identity provider.
    1. Check the attribute mappings to be sure they are correct.
    2. Click Next.
  8. Review the Summary page and click Finish.
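
The ADFS relying party configuration from step 5 (import of the service provider metadata and the three claim rules) can also be applied and read back with the ADFS PowerShell module, which leaves a reviewable record of exactly which claims PowerFlex receives. This is an added example, not part of the Dell procedure; the metadata path, display name, and access control policy name are assumptions to replace with your own values, and the first rule is the claim rule language form of the LDAP attribute mapping table.

```powershell
# Added example: scripted form of the ADFS relying party steps in step 5.
# Run on the ADFS server in an elevated session.
$MetadataFile = 'C:\Temp\powerflex-sp-metadata.xml'  # assumed: where the SP metadata was saved
$TrustName    = 'PowerFlex Manager'                  # assumed: display name for the trust
$PolicyName   = 'Permit everyone'                    # assumed: substitute the policy you chose

# Rule 1 maps the four LDAP attributes from the table (mail, sAMAccountName,
# sn, givenName) to E-Mail Address, Name ID, Surname and Given Name.
# Rules 2 and 3 are the custom rules exactly as given in the procedure.
$Rules = @'
@RuleTemplate = "LdapClaims"
@RuleName = "LDAP attributes"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"), query = ";mail,sAMAccountName,sn,givenName;{0}", param = c.Value);

@RuleName = "Get groups"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => add(store = "Active Directory", types = ("http://schemas.xmlsoap.org/claims/Group"), query = ";tokenGroups;{0}", param = c.Value);

@RuleName = "Claim of groups membership"
c:[Type == "http://schemas.xmlsoap.org/claims/Group"]
 => issue(Type = "Group", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType);
'@

# Stop early if the metadata file is missing or a trust with this name exists,
# so an existing trust is never silently altered.
if (-not (Test-Path -LiteralPath $MetadataFile)) {
    throw "Service provider metadata not found: $MetadataFile"
}
if (Get-AdfsRelyingPartyTrust -Name $TrustName) {
    throw "A relying party trust named '$TrustName' already exists."
}

# Create the trust from the downloaded metadata and attach the claim rules.
Add-AdfsRelyingPartyTrust -Name $TrustName `
    -MetadataFile $MetadataFile `
    -AccessControlPolicyName $PolicyName `
    -IssuanceTransformRules $Rules

# Read the stored configuration back for review before continuing in PowerFlex Manager.
$trust = Get-AdfsRelyingPartyTrust -Name $TrustName
$trust | Select-Object Name, Identifier, Enabled, AccessControlPolicyName
$trust.IssuanceTransformRules
```

The identifier and issuance rules printed at the end can be compared against the service provider metadata and the rules in this procedure before you confirm the configuration in the Add Identity Provider (IdP) wizard.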

Results

After you add a new identity provider, PowerFlex Manager adds it to the list of identity providers on the SSO Identity Provider (IdP) Configuration page. In addition, PowerFlex Manager updates the login page to show a login button for the new identity provider. You can see this button the next time you log in to PowerFlex Manager.
