Configuring SAML, OAuth2, or OpenID Login in ETM Dashboard

Overview

Single Sign-On (SSO) provided by an Identity Provider (IdP) is an increasingly common, security-focused practice. It is common in Zero-Trust Network Access security policies because it enables the admin to:

  • centralize control of user login policies & credentials
  • consolidate user accounts that require access to multiple cloud-based services
  • enforce stringent password policies and multi-factor authentication
  • simplify user login to reduce password fatigue
  • reduce the threat of data breaches by moving authentication off-site

ETM Dashboard supports login using SAML, OAuth2, or OpenID federated accounts. You must have an existing account with an Identity Provider (or IdP) such as Okta, Duo, or OneLogin to use these options.

Single Sign-on is configured in My Organization > SSO

Who is affected?

  • The account owner
  • Anyone who has been invited to manage the account as a user

Before you begin

To configure SSO with your IdP, you will need to determine which SSO method is recommended for your IdP. You will then need to collect the necessary attributes by logging into your account to locate the necessary information. Refer to the documentation of your provider for the necessary steps to gather the required information.

Selecting your Organization Name

The Organization Name attribute identifies and initiates this specific SAML or OAuth2 login process; you can think of it like a username. It can include letters, numbers, or punctuation. You can use capital letters when configuring the Organization Name, but it is not case-sensitive at the point of login. For example, you could enter "Example Company" as your organization and still log in with "example company".

Your Organization Name must be unique. You will receive an error message if a given name is not available for use.

This Organization Name is specific to this SSO option and does not need to match the name associated with your ETM Dashboard organization.

Configuring SAML Login

Set the Organization Login Type to "SAML".

Provider attributes

The attributes found under the Configuration heading inform ETM Dashboard how to connect to and authenticate against your SAML provider.

The Login URLEntity Id, and Encryption Certificate fields are required. The Signing Certificate field is only used when you are given a different certificate by the provider.

Testing SAML login

The Test SAML button becomes available once you have saved your settings. This will validate that ETM Dashboard is able to connect to your provider.

Downloading SP metadata

The Download SP Metadata button becomes available once you have saved your settings. The resulting data is uploaded to your Identity Provider to authorize ETM Dashboard to use their SSO login.

Removing SAML

Click the Delete button to remove this configuration. You can use this option to make changes to the SAML connection or switch to a different provider.

If you want to completely disable this authentication method, set the Organization Login Type to "Disabled" instead.

SAML_configuration_options.png

 

Configuring OAuth2 / OpenID login

Set the Organization Login Type to "OAuth2 / OpenID".

Provider attributes

The attributes found under the Configuration heading inform ETM Dashboard how to connect to and authenticate against your Oauth2 or OpenID provider.

All fields are required.

Sign-in redirect URIs

If your OAuth2 provider requires sign-in redirects, they can be found below the configuration fields. Those URIs are also provided here, for your convenience:

  1. https://launchpad.edge.arista.com/account/sso
  2. https://launchpad.edge.arista.com/oauth2/signon/fc05796533944dff9e19b3c76621cda1
Follow
Was this article helpful?
0 out of 1 found this helpful
Have more questions? Submit a request

Comments

0 comments

Please sign in to leave a comment.

Powered by Zendesk