Navigate from Platform Configuration > Security > Authentication.
The Authentication section allows administrators to configure the LDAP, SAML and OAuth settings. These settings:
- Are required if administrators want restricted access to the Hub from other applications.
- Allow administrators to manage users from their company's LDAP server.
- Enable Single Sign On (SSO) for users.

Option | Fields | Description |
---|---|---|
LDAP | Directory Server | Select the LDAP directory server that your company uses. |
LDAP | On-premise AD Bridge | Allows specification of the AD bridge address and token to connect to the directory. If this checkbox is enabled, specify the bridge address and the bridge token. |
LDAP | Manage via AD Groups | Allows the management of users through Active Directory groups. |
LDAP | Recursive Groups | Enables the use of a recursive group structure. |
LDAP | AD Secure | Allows the use of LDAP over the Secure Socket Layer (SSL). |
LDAP | Port | Specify the port number to connect to the server. The default value is 389. It is 636 for AD Secure. |
LDAP | Active Forest | Add multiple Forest structure details of your Active Directory network. |
LDAP | Username | Enter a valid username. |
LDAP | Password | Enter a valid password. The username and password are used to test the connection to the LDAP server. |
SAML | Enable SAML | Select the checkbox to enable exchange of authorization and authentication. |
SAML | SP Public Certificate | Download the public certificate that is used when the Service Provider information is added to the Identity Provider. |
SAML | SP Rollover Certificate | When the current SP certificate is within 4 weeks of expiry, a new certificate will be provided via this link for customers who choose to sign SAML assertions. |
SAML | SP Metadata | Download the metadata file that is used to automatically negotiate agreements. |
SAML | Single Sign-On Binding | Select the SAML binding to use for sign-on. |
SAML | Single Sign-Off Binding | Select the SAML binding to use for sign-off. |
SAML | Metadata File | Select and upload the IdP metadata file. This overwrites the manually set values. |
SAML | Entity ID | Enter the URI for the IdP entity. |
SAML | Single Sign-On URL | Enter the URL of the IdP to which the Hub sends the authentication request message. |
SAML | Single Sign-Off URL | Enter the URL of the IdP to which the Hub sends the SLO request. |
SAML | X.509 Public Certificate | Paste the public X.509 certificate of the IdP. |
SAML | Sign Messages | Enables the requirement of signing the samlp Response, LogoutRequest and LogoutResponse elements that are received by the Hub. |
SAML | Sign Assertions | Enables the requirement of signing the samlp Assertion elements that are received by the Hub. |
SAML | Encrypt NameID | Enables the requirement of signing the NameID that is received by the Hub. |
OAuth | Access Token Expiry | Select the duration of the token expiry, after which the token can no longer be used. |
OAuth | Refresh Token | Using the slider, select the duration after which the tokens are refreshed. |