Configuring SAML Authentication


Note

To implement Azure Active Directory using SAML, you must first configure SAML in Microsoft Azure Portal and then configure SAML Authentication in Logpoint. Go to Appendix for details.

  1. Go to Settings >> System Settings from the navigation bar and click Plugins.

  2. Find SAML Authentication and click Manage.

Figure: Manage SAML Authentication

  3. Click ADD SERVER.

Figure: Add SAML Server

  4. Enter a unique Server Name.

  5. In Issuer (EntityID), enter Logpoint's IP address.

    SAML Authentication generates the ACS (Consumer) URL automatically.

Note

You must add this Issuer (EntityID) and ACS (Consumer) URL to your IdP server. For Shibboleth, you must download the Logpoint metadata file and upload it to the Shibboleth server.

  6. Enter the EntityID. You can find it in your IdP metadata file as entity ID.

  7. Enter the SSO EndPoint URL. You can find it in your IdP metadata file as Location in SingleSignOnService. The SingleSignOnService must be HTTP-POST.

  8. Enter the X.509 Certificate. You can find it in your IdP metadata file as the signing certificate. For Shibboleth, you can find it as the FrontChannel signing certificate.

  9. In Response Username Field, enter the field to extract the username from the SAML response.

  10. In Response Role Field, enter the field to extract the role from the SAML response.

  11. Click Save.

Note

The time zones of the IdP server and Logpoint must be identical.

Figure: Adding an IdP Server

  12. Click Yes to make SAML authentication the default authentication. Otherwise, click No.

Figure: Select Authentication

Note

Once you add an IdP server, Role Mapping is added and Add Server is removed in SAML Authentication management.

Figure: SAML Authentication Management

Configuring Default Settings

  1. Go to Settings >> System Settings from the navigation bar and click Plugins.

  2. Find SAML Authentication and click Manage.

  3. Click Default Settings.

Figure: SAML Authentication Management

  4. Select a Logpoint user group as the Default Role. SAML Authentication assigns this user group to SAML Authentication users whose role attribute is not returned by the IdP server.

  5. Click Save.

Figure: Default Settings

Downloading Logpoint Metadata

  1. Go to Settings >> System Settings from the navigation bar and click Plugins.

  2. Find SAML Authentication and click Manage.

  3. Click the Download icon from Actions.

Figure: Downloading Logpoint Metadata

Mapping Roles

You can map a SAML role to a Logpoint user group to grant access permission in Logpoint. A SAML role can be mapped to a single Logpoint user group only. This is mandatory.

To map a SAML role to a Logpoint user group:

  1. Go to Settings >> System Settings from the navigation bar and click Plugins.

  2. Find SAML Authentication and click Manage.

  3. Click Roles Mapping.

Figure: Role Mapping

  4. Enter a SAML Role.

  5. Select a LogPoint User Group for the provided SAML role.

Figure: SAML Role Mapping

  6. Click Add.

    You can view all the mapped SAML roles and Logpoint user groups in Role Map Strategies. You can either edit or delete them from Actions.

Figure: SAML Roles

  7. Click Submit.

