Manage Identity Providers

Paragon Automation provides the Security Assertion Markup Language (SAML) and Lightweight Directory Access Protocol (LDAP) options to add identity providers (IdPs) for authentication of users logging into Paragon Automation.

Note:
  • Active Directory is the only directory service supported in this release.

  • You must map the user groups defined in the LDAP server to the roles in Paragon Automation along with configuring LDAP in Paragon Automation. For information about mapping user groups to roles, see Manage Roles.

Table 1 lists the parameters to add identity providers to an organization.

Table 1: Parameters to Add Identity Providers
Field Description
Name

Enter a name for the IdP.

Type

Select the type of IdP. The available options are:
  • SAML (default)—Use this option to allow users to log in by using third-party credentials; for example, credentials to log in to Google.

    See SAML Options to configure SAML in Paragon Automation.

  • LDAP—Use this option if you have an LDAP directory storing the user authentication and authorization information.

    See LDAP Options to configure LDAP in Paragon Automation.

SAML Options

Issuer

Enter the unique URL that identifies your SAML IdP (for example, Google or Microsoft).

Note:

Ensure that Paragon Automation is registered with the IdP so that you can obtain the value to enter for Issuer.

Name ID Format

Select a unique ID for the user. The options are e-mail and unspecified. If you select e-mail, the IdP uses your e-mail address to authenticate you. If you select unspecified, the IdP generates a unique ID to authenticate you.

Signing Algorithm

Select a signing algorithm from the following:
  • SHA1

  • SHA256 (default)

  • SHA384

  • SHA512

Certificate

Enter the certificate issued by the SAML IdP.

Note:

Ensure that Paragon Automation is registered with the IdP so that you can obtain the value to enter for Certificate.

SSO URL

Enter the URL to redirect the users to the SAML identity provider for authentication.

Custom Logout URL

Enter the URL to redirect the users to after logging out.

ACS URL

The URL that the IdP should redirect an authenticated user to after signing in. The value is auto-generated and not editable.

Single Logout URL

The URL that the IdP should redirect to when a user logs out of an authentication session. The value is auto-generated and not editable.

LDAP Options

Server Host

Enter the hostname of the LDAP server.

Server Port

Enter a port number for the LDAP service.

Range - 1 through 65,000

Base DN

Enter the base distinguished name (DN) within the information tree in the LDAP server. The Base DN is the root tree for LDAP searches.

For example: dc=company,dc=com, where dc is the domain component.

Manager DN

Enter the LDAP account (in full DN) for querying a user record for password verification and group association.

Use this option when the LDAP server is configured to query with a password.

Manager Password

Enter a password for the user specified in the Manager DN field.

Verify SSL Cert

Select the check box to validate the certificate of the LDAP server.

CA Certificates

Enter the Privacy-Enhanced Mail (PEM)-encoded certificates from the certificate authority.

Enter each certificate on a new line.
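
A pre-flight lint for the Table 1 fields, added here as an example (not Juniper code or a Paragon Automation API). The dictionary keys are hypothetical names for the form fields, and the SHA1 and https checks reflect general practice rather than a documented Paragon Automation requirement. It flags SHA1 signing, disabled LDAP certificate verification, a Manager DN without a password, ports outside the documented range, malformed DNs, and incomplete PEM pastes.

```python
import re
from urllib.parse import urlparse

# Framing check only: one PEM block with a base64 body (no X.509 parsing).
PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----\s+[A-Za-z0-9+/=\s]+?-----END CERTIFICATE-----")
# Loose DN shape such as dc=company,dc=com (escaped commas are not handled).
DN = re.compile(r"^[A-Za-z][\w-]*=[^,=]+(,\s*[A-Za-z][\w-]*=[^,=]+)*$")


def pem_ok(text, exactly=None):
    """True if every BEGIN marker opens a well-formed block (optionally N blocks)."""
    blocks = len(PEM_BLOCK.findall(text))
    if blocks == 0 or blocks != text.count("-----BEGIN"):
        return False
    return exactly is None or blocks == exactly


def lint_idp(cfg):
    """Return findings for one IdP definition; an empty list means clean."""
    out = []
    if cfg.get("type", "SAML") == "SAML":  # SAML is the documented default type
        if cfg.get("signing_algorithm", "SHA256") == "SHA1":
            out.append("signing_algorithm: SHA1 is collision-prone, prefer SHA256 or stronger")
        if urlparse(cfg.get("sso_url", "")).scheme != "https":  # general practice
            out.append("sso_url: not an https URL")
        if not pem_ok(cfg.get("certificate", ""), exactly=1):
            out.append("certificate: expected one complete PEM block")
        return out
    port = cfg.get("server_port")
    if not (isinstance(port, int) and 1 <= port <= 65000):
        out.append("server_port: outside the documented range 1 through 65,000")
    for field in ("base_dn", "manager_dn"):
        if cfg.get(field) and not DN.match(cfg[field].strip()):
            out.append(f"{field}: not a distinguished name")
    if cfg.get("manager_dn") and not cfg.get("manager_password"):
        out.append("manager_password: missing for manager_dn")
    if not cfg.get("verify_ssl_cert"):
        out.append("verify_ssl_cert: off, server identity is not checked during bind")
    elif cfg.get("ca_certificates") and not pem_ok(cfg["ca_certificates"]):
        out.append("ca_certificates: incomplete PEM block")
    return out


# Constructed samples: the PEM body is a placeholder, not a real certificate.
PEM = "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n"
WEAK = {"type": "LDAP", "server_port": 636, "base_dn": "dc=company,dc=com",
        "manager_dn": "cn=svc,dc=company,dc=com", "verify_ssl_cert": False}
FIXED = dict(WEAK, manager_password="placeholder", verify_ssl_cert=True, ca_certificates=PEM)
```

Running `lint_idp(WEAK)` reports the missing Manager password and the disabled certificate check, while `lint_idp(FIXED)` returns an empty list.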

Add an Identity Provider

To add an IdP:
  1. Click Settings Menu > System Settings on the banner.
    The Organization Settings page appears.
  2. Click the Create IDP (+) icon above the Identity Providers table.
    The Create Identity Provider page appears.
  3. Configure the IdP by using the guidelines in Table 1.
  4. Click Create.
    The IdP is created and listed in the Identity Providers table.

Edit an Identity Provider

To edit an IdP:
  1. Click Settings Menu > System Settings on the banner.
    The Organization Settings page appears.
  2. Click the IdP you want to edit in the Identity Providers table.
    The Edit Identity Provider page appears.
  3. Edit the IdP by using the guidelines in Table 1.
    Note:

    You cannot edit IdP type, ACS URL, and Single Logout URL.

  4. Click Save.
    You are returned to the Organization Settings page, where you can view the changes in the Identity Providers table.

Delete an Identity Provider

To delete an IdP:
  1. Click Settings Menu > System Settings on the banner.
    The Organization Settings page appears.
  2. Click the IdP that you want to delete.
    The Edit Identity Provider page appears.
  3. Click Delete.
    You are returned to the Organization Settings page, where you can view that the IdP is removed from the Identity Providers table.