Single Sign On

Single Sign On allows to automatically authenticate the user when logging into the system. Fudo Enterprise allows to set the Single Sign On functionality for both Admin Panel and User Portal (Access Gateway).

Note

For more detailed information on configuring SSO with Active Directory, please refer to the Configuring the Single Sign On (SSO) use case.

Setting up Fudo Enterprise for SSO

  1. Set Fudo Enterprise hostname to hostname.yourdomain.local.

    • Select Settings > Network configuration.
    • Switch to the Name & DNS tab.
    • Enter hostname.yourdomain.local in the Hostname field.

  2. Configure DNS server to point to a DNS server in the yourdomain.local domain.

    • Click Add DNS server to define new DNS server.
    • Enter DNS server IP address.
    • Click Save.

  3. Add user, that has an AD domain account.

Setting up domain controller

  1. Add user account, which will be used by the User Portal or Admin Panel to communicate with the yourdomain.local domain.

Note

When adding the account, enable the Password does not expire option.

  1. On the DNS server add forward and reverse DNS entries for hostname.yourdomain.local.
  2. Create a Kerberos ticket for Fudo Enterprise running the following command in the Powershell or CMD console:

ktpass -princ HTTP/hostname.yourdomain.local@yourdomain.local -mapuser netbios_domain_name\username -pass password - ptype KRB5_NT_PRINCIPAL -out hostname.yourdomain.local.keytab


Single Sign On in Admin Panel

Warning

Single Sign On in Admin Panel is available to set for a user with superadmin role only, and can be used by the users with operator, admin and superadmin roles.

In order to define SSO service parameters in system settings, follow the steps:

  • Select Settings > Authentication > Global tab.
  • In the SSO section, click Upload button in the Management SSO settings field to access Admin Panel SSO configuration.
../../_images/5-5-auth-sso-mgmt.png
  • Provide service identifier that will match the user account with the service instance.
  • Upload the keytab file containing admin’s ID and encryption keys for encrypting and decrypting Kerberos tickets.
../../_images/5-5-auth-sso-mgmt-upload.png
  • Click Save.

Single Sign On in User Portal

In order to define SSO service parameters in system settings, follow the steps:

  • Select Settings > Authentication > Global tab.
  • In the SSO section, click Upload button in the User access SSO settings field to access Access Gateway SSO configuration.
../../_images/5-5-auth-sso-uag.png
  • Provide service identifier that will match the user account with the service instance.
  • Upload the keytab file containing user’s ID and encryption keys for encrypting and decrypting Kerberos tickets.
../../_images/5-5-auth-sso-uag-upload.png
  • Click Save.

Related topics: