Enabling SAML authentication

You can enable Security Assertion Markup Language (SAML) authentication so that remote users are authenticated by a secure identity provider (IdP) before they can access the Unified Manager web UI.

Before you begin

About this task

After you have enabled SAML authentication from Unified Manager, users cannot access the graphical user interface until the IdP has been configured with the Unified Manager server host information. So you must be prepared to complete both parts of the connection before starting the configuration process. The IdP can be configured before or after configuring Unified Manager.

Only remote users will have access to the Unified Manager graphical user interface after SAML authentication has been enabled. Local users and Maintenance users will not be able to access the UI. This configuration does not impact users who access the maintenance console, the Unified Manager commands, or ZAPIs.

Note: Unified Manager is restarted automatically after SAML authentication is configured.

Steps

  1. In the toolbar, click , and then click Authentication in the left Setup menu.
  2. In the Setup/Authentication page, select the SAML Authentication tab.
  3. Select the Enable SAML authentication checkbox.
    The fields required to configure the IdP connection are displayed.
  4. Enter the IdP URI and the IdP metadata required to connect the Unified Manager server to the IdP server.
    If the IdP server is accessible directly from the Unified Manager server, you can click the Fetch IdP Metadata button after entering the IdP URI to populate the IdP Metadata field automatically.
  5. Copy the Unified Manager host metadata URI, or save the host metadata to an XML text file.
  6. Click Save.
    A message box displays to confirm that you want to complete the configuration and restart Unified Manager.
  7. Click Confirm and Logout and Unified Manager is restarted.

After you finish

Access your IdP and enter the Unified Manager server URI and metadata to complete the configuration.

The next time authorized remote users attempt to access the Unified Manager graphical interface they will enter their credentials in the IdP login page instead of the Unified Manager login page.