- Customers have the capability to configure Single Sign-on (SSO) settings to allow for IdP federated access to the Silverline Portal
- Users that will have access to the Silverline Portal through the Federated service must have an account created in the Silverline Portal.
- Silverline Portal
- Single Sign-On
- Silverline WAF
- Silverline DDoS
How to Configure SSO with IdP
- To configure the feature in the Silverline portal, navigate to Config > SSO Integration
- Click the "+Add" button to add an SSO config.
- Complete required fields:
- Identity-Provider (IdP) Certificate (in PEM format)
- IdP Single Sign-On Target URL (E.g.: https://sub.domain.com/uri)
- IdP Single Logout Target URL (E.g.: https://sub.domain.com/uri)
- Portal creates 3 values that are unique to each specific SSO Config in the portal (more than 1 SSO Config can be created.)
- Use these 3 values to create the necessary configuration in the IdP that is going to be utilized.
- F5 Silverline Assertion Consumer URL
- F5 Silverline Issuer ID
- Name Identifier Format
- Click Save to save the SSO configuration.
How to Require SSO Provider (IdP) for User Sign-In
- Navigate to the 'Customer Details' page by clicking on your Company Name, just between the 'Support' button and the current user's name, in the top-right portion of the portal.
- Click the 'Edit Customer' button.
- In the middle column, near the bottom, select the SSO config created in the previous step from the dropdown labeled: Required SSO Provider for User Sign-in.
For Users: How to Use SSO Login to Access Portal
Once SSO config is enabled, users attempting to log in to the Portal will follow this workflow:
- User enters their Silverline Portal Email address. No password is needed.
- If the provided e-mail address DOES match an existing user, the user will be automatically redirected to their IdP's authentication page.
- Upon successful authentication at the IdP, the user will then be redirected and single-signed on to the Silverline portal.
- If the provided e-mail does NOT match an already-created Silverline user, the user is given an 'Invalid email or password' error."
- The network administrator should check that this user's email is included in the IdP.
Troubleshooting: IdP OUTAGE or SSO Config ISSUE
In the event that an IdP is experiencing issues, or an SSO config in the Silverline portal becomes non-operational:
- Contact the SOC to temporarily disable the 'Required SSO Provider for User Sign-in'
- Allows for authentication directly against the Silverline portal user database
- If necessary, the SOC could trigger the 'Reset Password' functionality
- Initiates a Reset Password e-mail for a user, to allow for direct login to the Silverline portal.
- Then either upon the correction of the SSO config within Silverline, or the restoration of the customer's IdP's services, the 'Required SSO Provider for User Sign-in' can be reconfigured to use the correct setting.
- How to set up SSO with Microsoft ADFS 3.0 (Windows Server 2012 r2)
- How To Integrate Silverline SSO with Okta