Single sign-on (SSO) is a method for authenticating user access to multiple applications using a single set of login credentials. This article provides an overview of OneView SSO and how to configure this option. For details on using SSO across your users, see Single sign-on scenarios with OneView.
Enable Single Sign-On
- On the left navigation menu, click Configure > Users.
- Click the Single Sign-On tab.
- Toggle on Enable Single Sign-On (SSO).
- Toggle on Just-In-Time (JIT) Provisioning to automatically create a OneView user profile when a user logs in for the first time.
- Select a default role to assign to users created through JIT provisioning.
- Toggle on Require SSO for certain roles to enforce SSO for selected user roles.
- Note: This setting is ignored for users with MFA enabled.
- Click Save.
Link your single sign-on tool
For single sign-on to work, connect OneView to your Identity Provider (IDP).
CAUTION - OneView only supports lowercase email addresses, meaning email addresses in your IDP must be in lowercase. For example, BobSmith@Malwarebytes.com needs to be set in the IDP as bobsmith@malwarebytes.com
- From your IDP, generate the Metadata URL or XML file. Refer to the following under the OneView Service Provider Details:
- Service Provider Entity ID: The unique entity ID of OneView as a Service Provider.
- Assertion Consumer Service URL: The IDP redirects the authentication response to this URL.
- Additional Reply URL: Some IDPs require an additional whitelisted reply URL to receive the SAML response: https://ipi-intg-partner-portal-prod.auth.us-east-1.amazoncognito.com/saml2/idpresponse
- SAML assertion attributes:

| SAML attribute name | Value |
| --- | --- |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress | User Email |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname | User First Name |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/familyname | User Last Name |

- Under Identity Provider (IDP) Metadata, enter the Metadata URL or select Metadata XML to upload the XML file.
- Click Save.
If you are locked out of your OneView console due to improper SSO configuration, contact support.
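
To catch an attribute-mapping mistake before requiring SSO, you can check a sample assertion from your IDP against the attribute table and the lowercase-email rule above. The following is an added example, not OneView or Malwarebytes code; the function names are hypothetical and the sample assertions are constructed and unsigned. It checks attribute mapping only and does not validate signatures.

```python
import xml.etree.ElementTree as ET

NS = "urn:oasis:names:tc:SAML:2.0:assertion"
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
# Attribute names and their meanings, as listed in the table on this page.
REQUIRED = {
    CLAIMS + "emailaddress": "User Email",
    CLAIMS + "givenname": "User First Name",
    CLAIMS + "familyname": "User Last Name",
}

def check_assertion(xml_text):
    """Return a list of attribute-mapping problems found in a SAML assertion."""
    root = ET.fromstring(xml_text)
    found = {}
    for attr in root.iter(f"{{{NS}}}Attribute"):
        values = [(v.text or "").strip()
                  for v in attr.findall(f"{{{NS}}}AttributeValue")]
        found[attr.get("Name")] = values
    problems = []
    for name, label in REQUIRED.items():
        if not any(found.get(name, [])):
            problems.append(f"missing or empty attribute for {label}: {name}")
    # The page states that only lowercase email addresses are supported.
    for email in found.get(CLAIMS + "emailaddress", []):
        if email != email.lower():
            problems.append(
                f"email is not lowercase: {email!r} (set it to {email.lower()!r})")
    return problems

def sample_assertion(attrs):
    """Build a constructed, unsigned assertion for illustration (hypothetical helper)."""
    body = "".join(
        f'<saml:Attribute Name="{n}"><saml:AttributeValue>{v}'
        "</saml:AttributeValue></saml:Attribute>"
        for n, v in attrs.items())
    return (f'<saml:Assertion xmlns:saml="{NS}"><saml:AttributeStatement>'
            f"{body}</saml:AttributeStatement></saml:Assertion>")

# Constructed samples: one misconfigured mapping, one correct mapping.
BAD = sample_assertion({CLAIMS + "emailaddress": "BobSmith@Malwarebytes.com",
                        CLAIMS + "givenname": "Bob"})
GOOD = sample_assertion({CLAIMS + "emailaddress": "bobsmith@malwarebytes.com",
                         CLAIMS + "givenname": "Bob",
                         CLAIMS + "familyname": "Smith"})

if __name__ == "__main__":
    for label, doc in (("BAD", BAD), ("GOOD", GOOD)):
        print(label, check_assertion(doc) or "ok")
```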