Configuring SAML, OAuth2, or OpenID Login in ETM Dashboard
Overview
Single Sign-On (SSO) provided by an Identity Provider (IdP) is an increasingly common, security-focused practice. It is often part of Zero-Trust Network Access security policies because it enables the admin to:
- centralize control of user login policies & credentials
- consolidate user accounts that require access to multiple cloud-based services
- enforce stringent password policies and multi-factor authentication
- simplify user login to reduce password fatigue
- reduce the threat of data breaches by moving authentication off-site
ETM Dashboard supports login using SAML, OAuth2, or OpenID federated accounts. You must have an existing account with an IdP such as Okta, Duo, or OneLogin to use these options.
Single Sign-on is configured in My Organization > SSO.
Who is affected?
- The account owner
- Anyone who has been invited to manage the account as a user
Before you begin
To configure SSO with your IdP, first determine which SSO method is recommended for your IdP. Then log into your IdP account and collect the attributes required for that method. Refer to your provider's documentation for the steps to gather this information.
Selecting your Organization Name
The Organization Name attribute identifies and initiates this specific SAML or OAuth2 login process; you can think of it like a username. It can include letters, numbers, or punctuation. You can use capital letters when configuring the Organization Name, but it is not case-sensitive at the point of login. For example, you could enter "Example Company" as your organization and still log in with "example company".
Your Organization Name must be unique. You will receive an error message if a given name is not available for use.
This Organization Name is specific to this SSO option and does not need to match the name associated with your ETM Dashboard organization.
Configuring SAML Login
Set the Organization Login Type to "SAML".
Provider attributes
The attributes found under the Configuration heading inform ETM Dashboard how to connect to and authenticate against your SAML provider.
The Login URL, Entity Id, and Encryption Certificate fields are required. The Signing Certificate field is used only when your provider gives you a different certificate.
Testing SAML login
The Test SAML button becomes available once you have saved your settings. This will validate that ETM Dashboard is able to connect to your provider.
Downloading SP metadata
The Download SP Metadata button becomes available once you have saved your settings. Upload the resulting data to your Identity Provider to authorize ETM Dashboard to use its SSO login.
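Before uploading the downloaded file, it is worth checking which endpoints it asks the IdP to trust. The Python check below is an added example, not Arista's code: it assumes the file is standard SAML 2.0 SP metadata, and the sample documents, entityID and ACS paths in it are constructed placeholders.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
EXPECTED_HOST = "launchpad.edge.arista.com"  # host of the login page named in this article

def review_sp_metadata(xml_text, expected_host=EXPECTED_HOST):
    """Return a list of findings; an empty list means nothing was flagged."""
    root = ET.fromstring(xml_text)
    if root.tag != MD + "EntityDescriptor" or not root.get("entityID"):
        return ["root is not an EntityDescriptor with an entityID"]
    sp = root.find(MD + "SPSSODescriptor")
    if sp is None:
        return ["no SPSSODescriptor: this is not service-provider metadata"]
    findings = []
    # The attribute defaults to false when absent, so the IdP must be told to sign.
    if sp.get("WantAssertionsSigned", "false").lower() != "true":
        findings.append("WantAssertionsSigned is not true; enable assertion signing at the IdP")
    endpoints = sp.findall(MD + "AssertionConsumerService")
    if not endpoints:
        findings.append("no AssertionConsumerService endpoint")
    for acs in endpoints:
        location = acs.get("Location", "")
        url = urlparse(location)
        # Assertions are posted to this URL, so it must be HTTPS on the expected host.
        if url.scheme != "https":
            findings.append(f"ACS is not HTTPS: {location}")
        if url.hostname != expected_host:
            findings.append(f"ACS host is not {expected_host}: {location}")
    return findings

# Constructed sample metadata; the entityID and ACS path are placeholders.
GOOD_SAMPLE = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://launchpad.edge.arista.com/EXAMPLE-ENTITY">
  <md:SPSSODescriptor WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://launchpad.edge.arista.com/EXAMPLE-ACS-PATH"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

# Constructed tampered copy: plain-HTTP ACS on another host, signing request removed.
BAD_SAMPLE = GOOD_SAMPLE.replace(
    "https://launchpad.edge.arista.com/EXAMPLE-ACS-PATH", "http://login.example.net/acs"
).replace('WantAssertionsSigned="true"', "")

if __name__ == "__main__":
    for name, doc in (("good", GOOD_SAMPLE), ("bad", BAD_SAMPLE)):
        print(name, review_sp_metadata(doc) or "no findings")
```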
Removing SAML
Click the Delete button to remove this configuration. You can use this option to make changes to the SAML connection or switch to a different provider.
If you want to completely disable this authentication method, set the Organization Login Type to "Disabled" instead.
Configuring OAuth2 / OpenID login
Set the Organization Login Type to "OAuth2 / OpenID".
Provider attributes
The attributes found under the Configuration heading inform ETM Dashboard how to connect to and authenticate against your OAuth2 or OpenID provider.
All fields are required.
Sign-in redirect URIs
If your OAuth2 provider requires sign-in redirects, they can be found below the configuration fields. Those URIs are also provided here, for your convenience:
- https://launchpad.edge.arista.com/account/sso
- https://launchpad.edge.arista.com/oauth2/signon/fc05796533944dff9e19b3c76621cda1
Testing OAuth2 or OpenID
The Test OAuth2 button becomes available once you have saved your OAuth2 / OpenID settings. This will validate that ETM Dashboard is able to connect to your provider.
Removing OAuth2 / OpenID
Click the Delete button to remove this configuration. You can use this option to make changes to the OAuth2 / OpenID connection or switch to a different provider.
If you want to completely disable this authentication method, set the Organization Login Type to "Disabled" instead.
Logging into ETM Dashboard using Identity Provider SSO
- Go to the ETM Dashboard login page at https://launchpad.edge.arista.com
- Enter your Organization Name.
- Click Continue.
- You are redirected to your IdP's login page to authenticate.
- When your login is complete, you are redirected to your ETM Dashboard account.