Configuring a Single Sign-On Server
Use this page to configure a single sign-on (SSO) server that is used for authenticating users. Starting from CSO Release 6.2.0, tenants can configure their own SSO server to authenticate their users.
There are two entities involved in the SSO configuration:
- SSO server or identity provider (IdP): An external server integrated with CSO.
- OpCo or tenant: Acts as a service provider and receives the SAML assertion sent by the SSO server in response to a login request.
The identity provider and the OpCo or tenant trust each other, and configuration is required on both entities. Two use cases are possible:
- Identity provider is configured before the SSO server is added in CSO: The identity provider is configured first. Then, at the OpCo level, you can add the SSO server in CSO for tenant users, and enter the server name and metadata URL.
- Identity provider is configured after the SSO server is added in CSO: Enter the SSO server name and then click the Next button. CSO provides a list of URLs to be configured in the identity provider. After the identity provider is configured with the URLs, you can edit the SSO server name and enter the metadata URL.
For both use cases, the metadata URL is required before you use the SSO server.
To configure an SSO server:
Field | Description |
---|---|
Basic Information | |
SSO Server Name | Specify the name of the SSO server. You can use a string of alphanumeric characters, special characters such as the underscore (_) or the period (.), and spaces. The maximum length is 40 characters. |
Description | Enter a meaningful description for the SSO server. |
Metadata File | Click Browse to navigate to the file location in your local system and select the SSO server metadata XML file to upload. Note: Starting in CSO Release 6.3.0, you can either import the SSO server metadata XML file directly into CSO or provide the metadata URL. |
Metadata URL | Enter the URL from where the SSO server metadata needs to be downloaded. If you uploaded a metadata file, the URL is automatically generated. |
User Identification | Specify how a user is identified from the SAML assertion. Note: If you are using Microsoft Azure as the IdP, we recommend that you use the SAML attribute for user identification. Tenant users might face authentication issues if you configure Name ID as the user identification attribute. |

Field | Description |
---|---|
SAML URLs | CSO displays the SAML URL settings. The administrator uses this information to configure the IdP. |
Single Sign-On URL | Displays the SAML Assertion Consumer Service (ACS) URL for the application. Example: https://aaa-example.com/ssol/sso server name/SAML2/POST |
Audience URI (SP Entity ID) | Displays the service provider entity ID of the application. Example: https://aaa-example.com/Shibboleth |
Metadata URL | Displays the metadata URL of the application. Example: https://aaa-example.com/saml/metadata/64000 |
Single Logout URL | Displays the single logout URL of the application. Example: https://aaa-example.com/splogout |
Download Metadata | Click this option to download metadata from the application. The administrator can download the CSO metadata and use it to configure the identity provider instead of configuring the individual identity provider fields one at a time. |
Download Certificate | Click this option to download the SAML certificate from the application. The administrator can use this certificate to update the certificate on the identity provider. |