Single Sign On¶
Single Sign On allows to automatically authenticate the user when logging into the system. Fudo Enterprise allows to set the Single Sign On functionality for both Admin Panel and User Portal (Access Gateway).
Setting up Fudo Enterprise for SSO¶
Set Fudo Enterprise hostname to
hostname.yourdomain.local
.- Select > .
- Switch to the Name & DNS tab.
- Enter
hostname.yourdomain.local
in the Hostname field.
Configure DNS server to point to a DNS server in the yourdomain.local domain.
- Click to define new DNS server.
- Enter DNS server IP address.
- Click .
Add user, that has an AD domain account.
add user account manually, with Active Directory eternal authentication method.
Single Sign On in Admin Panel¶
Warning
Single Sign On in Admin Panel is available to set for a user with superadmin
role only, and can be used by the users with operator
, admin
and superadmin
roles.
In order to define SSO service parameters in system settings, follow the steps:
Single Sign On in User Portal¶
In order to define SSO service parameters in system settings, follow the steps:
Setting up domain controller¶
- Add user account, which will be used by the User Portal or Admin Panel to communicate with the yourdomain.local domain.
Note
When adding the account, enable the Password does not expire option.
- On the DNS server add forward and reverse DNS entries for hostname.yourdomain.local.
- Create a Kerberos ticket for Fudo Enterprise running the following command in the Powershell or CMD console:
ktpass -princ HTTP/hostname.yourdomain.local@yourdomain.local -mapuser sso\username -pass password.
-
ptype KRB5_NT_PRINCIPAL -out hostname.yourdomain.local.keytab
Setting up user workstations¶
- Log in using credential of a user that will be connecting to servers.
- Launch Internet Explorer.
- Open the Internet options settings window.
- Switch to the Security tab.
- Select the Local intranet option and click Sites.
- Click Advanced.
- Add the address
hostname.yourdomain.local
. - Close settings window.
Related topics: