Navigate from Platform Configuration > Security > Authentication.
The Authentication section allows administrators to configure the LDAP, SAML and OAuth settings. These settings:
- Are required if administrators want restricted access to the Hub from other applications.
- Allows administrators to manage users from their company's LDAP server.
- Enable Single Sign On (SSO) for users.
|LDAP||Directory Server||Select the LDAP directory server that your company uses.|
|On-premise AD Bridge|
Allows specification of the AD bridge address and token to connect to the directory.
If this checkbox is enabled, specify the bridge address and the bridge token.
|Manage via AD Groups||Allows the management of users through Active Directory groups.|
|Recursive Groups||Enables the use of a recursive group structure.|
|AD Secure||Allows the use of LDAP over the Secure Socket Layer (SSL).|
Specify the port number to connect to the server.
The default value is 389. It is 636 for AD Secure.
|Active Forest||Add multiple Forest structure details of your Active Directory network.|
|Username||Enter a valid username.|
Enter a valid password.
The username and password is for the testing of connection to the LDAP server.
|SAML||Enable SAML||Select the checkbox to enable exchange of authorization and authentication.|
|SP Public Certificate||Download the public certificate that is used when the Service Provider information is added to the Identity Provider.|
|SP Rollover Certificate||When the current SP certificate is within 4 weeks of expiry a new certificate will be provided via this link for customers who choose to sign SAML assertions.|
|SP Metadata||Download the metadata file that is used automatically negotiate agreements.|
|Single Sign-On Binding||Select the SAML binding to use for sign-on.|
|Single Sign-Off Binding||Select the SAML binding that to use for Sign-off.|
|Metadata File||Select and upload the IdP metadata file. This overwrites the manually set values.|
|Entity ID||Enter the URI for the IdP entity.|
|Single Sign-On URL||Enter the URL of the IdP to which the Hub sends the authentication request message.|
|Single Sign-Off URL||Enter the URL of the IdP to which the Hub sends the SLO request.|
|X.509 Public Certificate||Paste the public X.509 certificate of the IDP.|
|Sign Messages||Enables the requirement of signing the samlp Response, LogoutRequest and LogoutResponse elements that are received by the hub.|
|Sign Assertions||Enables the requirement of signing the samlp Assertion elements that are received by the Hub.|
|Encrypt NameID||Enables the requirement of signing the NameID that is received by the Hub.|
|OAuth||Access Token Expiry||Select the duration of the token expiry, after which the token can no longer be used.|
|Refresh Token||Using the slider, select the duration after which the tokens are refreshed.|