Add an SSO Identity Provider (IdP) for PowerFlex Manager to allow users to take advantage of single sign-on (SSO) capabilities through other applications.
About this task
Perform the following procedure to add an identity provider:
Prerequisites
Before adding an identity provider, you must log on with an account that has the SecurityAdmin role. You must also upload the identity provider root CA certificate for Active Directory Federation Service (ADFS). Ensure that you have access to the ADFS before you begin this procedure.
Steps
On the menu bar, click Settings.
In the left pane, click User Management, then in the right pane, click SSO Identity Provider (IdP) Configuration.
Click Add.
On the Name page, provide a name for the identity provider and click Next.
On the Service Provider page, download the service provider metadata for PowerFlex and configure the PowerFlex service provider within your identity provider.
To download the metadata as a file, select Download File and click Download SP Metadata (XML).
To copy the metadata, click Manual Copy and click Copy for each piece of metadata.
Configure PowerFlex as a service provider within your identity provider.
In the ADFS user interface, perform these steps:
Log in to ADFS.
Go to the Relying Party Trusts folder under ADFS.
Click Add Relying Party Trust... under Actions.
On the Welcome screen, select Claims aware and click Start.
On the Select Data Source screen, select Import data about the relying party from a file.
In the Federation metadata file location field, specify the location of the downloaded service provider metadata file and click Next.
NOTE: If you copied the metadata instead of downloading the file, select Enter data about the relying party manually and input the copied metadata.
On the Specify Display Name screen, enter the name that you would like to use for the service provider and click Next.
On the Choose Access Control Policy screen, choose a policy and click Next.
On the Ready to Add Trust screen, click Next.
On the Finish screen, select Configure claims issuance policy for this application and click Close.
On the Relying Party Trusts screen, select the display name for the newly created service provider, and click Edit Claim Issuance Policy... under Actions.
Click Add Rule... to add the following LDAP attribute rule:
For the Claim rule template, select Send LDAP Attributes as Claims.
For the Claim rule name, type LDAP attributes.
For the Attribute store, select Active Directory.
For the Mapping of LDAP attributes to outgoing claim types, select the following attributes:

| LDAP attribute | Outgoing claim type |
| --- | --- |
| E-Mail-Addresses | E-Mail Address |
| SAM-Account-Name | Name ID |
| Surname | Surname |
| Given-Name | Given Name |

Click Finish.
Click Add Rule... to add the following custom rule:
For the Claim rule template, select Send Claims Using a Custom Rule.
For the Claim rule name, type Get groups.
For the Custom rule, paste in the following string:
Return to PowerFlex Manager and click I have configured PowerFlex as a SP in my IdP using the metadata above on the Service Provider page of the Add Identity Provider (IdP) wizard.
Click Next.
On the IdP Setup page, upload the identity provider metadata so that PowerFlex can establish a connection to the identity provider.
To upload the metadata as a file, select Upload File and specify the file location.
To retrieve the metadata from a URL, select URL and specify the following URL: https://hostname/FederationMetadata/2007-06/FederationMetadata.xml
The URL is always the same, except for the hostname, which you must specify for your environment.
Click Next.
On the Settings page, review the attribute mappings that are imported from the identity provider.
Check the attribute mappings to be sure they are correct.
Click Next.
Review the Summary page and click Finish.
Results
After you add a new identity provider, PowerFlex Manager adds it to the list of identity providers on the SSO Identity Provider (IdP) Configuration page. In addition, PowerFlex Manager updates the login page to show a login button with the new identity provider. You can see this button the next time you log in to PowerFlex Manager.