The purpose of single sign-on (SSO) is to simplify the login process. SSO requires users to log in to a central authentication service only once. After a successful login, users can access multiple applications with no additional logins.
An SSO setup consists of the following components.
The Identity Provider (IdP), such as Okta or Azure, where users are managed and authenticated.
The service provider (SP), such as NetCloud Manager, that users want to access.
After a user authenticates with their IdP, the IdP informs the service provider that the user is authenticated. The service provider then allows the authenticated user to access its applications and resources without logging in again.
Any IdP that supports SAML 2.0 can be used for SSO with NetCloud Manager and the NetCloud Verify app. The service provider in this model is NetCloud Manager.
Using SSO with NetCloud Manager requires the following.
An app with the IdP. This app contains information that allows it to communicate with NetCloud Manager to authenticate users.
Configuration within NetCloud Manager. This configuration contains information that allows NetCloud Manager to communicate with the IdP app for authentication purposes.
The IdP app and NetCloud Manager require values from each other. These values are used when configuring the IdP app and for the configuration in NetCloud Manager.
The IdP app requires the following from NetCloud Manager.
NetCloud Manager's Assertion Consumer Service (ACS) URL
NetCloud Manager's Service Provider (SP) Entity ID
NetCloud Manager requires the following from the IdP app.
IdP Assertion Consumer Service (ACS) URL
IdP Entity ID
X.509 certificate text
The user attributes specified in the IdP
Required: First name, Last name, Email address
Optional: ForcedPermission
Sign On URL (for SP-Initiated logins)
SSO can be used with IdP-initiated logins and with service provider-initiated (SP-initiated) logins.
IdP-initiated logins are initiated at the IdP. A user logs in to their IdP and then clicks the NetCloud Manager app tile on their IdP dashboard to access NetCloud Manager.
Service provider-initiated logins are initiated in NetCloud Manager. A user clicks the "Sign In With SSO" button on the Ericsson Enterprise Wireless login page and then enters their Company Identifier to complete their login.
This article does not contain comprehensive, IdP-specific instructions for configuring an IdP app. Comprehensive instructions vary by IdP and are beyond the scope of this article. This article does contain specific instructions for configuration in NetCloud Manager. Screenshots are provided to help with locating values in Okta and Azure.
At this time, SSO does not support X.509 certificates that include extensions. IdPs that require an AuthnRequest to be signed with a public certificate are also not supported.
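The following added example (not from the original article or from NetCloud Manager) reads an IdP's SAML 2.0 metadata XML with Python's standard library, extracts the entity ID, sign-on URL and X.509 certificate text listed above, and flags a certificate that carries extensions, which this article states are unsupported. The function names, the idp.example URLs and the skeletal sample certificate are constructed for illustration, and it assumes the IdP can export standard SAML metadata.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def der_children(buf):
    """Yield (tag, value) for each DER TLV element in buf."""
    i = 0
    while i < len(buf):
        tag, length, i = buf[i], buf[i + 1], i + 2
        if length & 0x80:  # long form: low 7 bits = number of length bytes
            n = length & 0x7F
            length, i = int.from_bytes(buf[i:i + n], "big"), i + n
        yield tag, buf[i:i + length]
        i += length

def cert_has_extensions(der):
    """True if TBSCertificate contains the [3] EXPLICIT extensions field."""
    cert = next(der_children(der))[1]   # outer Certificate SEQUENCE
    tbs = next(der_children(cert))[1]   # first child: TBSCertificate
    return any(tag == 0xA3 for tag, _ in der_children(tbs))

def idp_values(metadata_xml):
    """Extract entity ID, sign-on URLs and signing certificate text."""
    root = ET.fromstring(metadata_xml)  # metadata exported from your own IdP
    idp = root.find("md:IDPSSODescriptor", NS)
    certs = [c.text for kd in idp.findall("md:KeyDescriptor", NS)
             if kd.get("use") in (None, "signing")
             for c in kd.iterfind(".//ds:X509Certificate", NS)]
    b64 = "".join(certs[0].split())
    return {"entity_id": root.get("entityID"), "x509_text": b64,
            "has_extensions": cert_has_extensions(base64.b64decode(b64)),
            "sso_urls": {s.get("Binding").rsplit(":", 1)[-1]: s.get("Location")
                         for s in idp.findall("md:SingleSignOnService", NS)}}

def _tlv(tag, value=b""):  # builds the constructed sample below (short lengths)
    return bytes([tag, len(value)]) + value

def sample_metadata(with_extensions):
    """Constructed sample: a DER skeleton, not a real certificate."""
    tbs = _tlv(0xA0, _tlv(0x02, b"\x02")) + _tlv(0x02, b"\x01") + 5 * _tlv(0x30)
    tbs += _tlv(0xA3, _tlv(0x30)) if with_extensions else b""
    der = _tlv(0x30, _tlv(0x30, tbs) + _tlv(0x30) + _tlv(0x03, b"\x00"))
    return f"""<EntityDescriptor xmlns="{NS['md']}" entityID="https://idp.example/entity">
 <IDPSSODescriptor><KeyDescriptor use="signing"><KeyInfo xmlns="{NS['ds']}"><X509Data>
  <X509Certificate>{base64.b64encode(der).decode()}</X509Certificate></X509Data></KeyInfo>
  </KeyDescriptor><SingleSignOnService Location="https://idp.example/sso"
    Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
 </IDPSSODescriptor></EntityDescriptor>"""
```

Call `idp_values()` on metadata exported from your own IdP's admin console; for XML from any other source, use a hardened parser such as defusedxml.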
Important
The user performing the integration must have a System Administrator role (or User Administrator role) in NetCloud Manager and an administrator role with their Identity Provider. The email address of the user performing the integration must be the same in NetCloud Manager and in the Identity Provider.