Manage Identity Providers
Paragon Automation provides the Security Assertion Markup Language (SAML) and Lightweight Directory Access Protocol (LDAP) options to add identity providers (IdPs) for authentication of users logging into Paragon Automation.
-
Support for LDAP is a Beta feature in this release.
-
Active Directory is the only directory service supported in this release.
-
You must map the user groups defined in the LDAP server to the roles in Paragon Autmation along with configuring LDAP in Paragon Automation. For information about mapping user groups to roles, see Manage Roles.
Table 1 lists the parameters to add identity providers to an organization.
Field | Description |
---|---|
Name |
Enter a name for the IdP. |
Type | Select the type of IdP. The available options are:
|
SAML Options |
|
Issuer | Enter the unique URL that identifies your SAML IdP. For example,
Google or Microsoft. Note:
Ensure that Paragon Automation is registered with the IdP so that you get the values to input for Issuer. |
Name ID Format | Select a unique ID for the user. The options are e-mail and unspecified. If you select e-mail, the IdP uses your e-mail address to authenticate you. If you select unspecified, the IdP generates a unique ID to authenticate you. |
Signing Algorithm | Select a signing algorithm from the following:
|
Certificate | Enter the certificate issued by the SAML IdP. Note:
Ensure that Paragon Automation is registered with the IdP so that you get the values to input for Certificate. |
SSO URL | Enter the URL to redirect the users to the SAML identity provider for authentication. |
Custom Logout URL | Enter the URL to redirect the users after logging out. |
ACS URL | The URL that the IdP should redirect an authenticated user to after signing in. The value is auto-generated and not editable. |
Single Logout URL | The URL that the IdP should redirect when a user logs out of an authentication session. The value is auto-generated and not editable. |
LDAP Options |
|
Server Host |
Enter the hostname of the LDAP server. |
Server Port |
Enter a port number for the LDAP service. Range - 1 through 65,000 |
Base DN |
Enter the base distinguished name (DN) within the information tree in the LDAP server. The Base DN is the root tree for LDAP searches. For example: DomainComponent (dc)=company,dc=com |
Manager DN |
Enter the LDAP account (in full DN) for querying a user record for password verification and group association. Use this option when the LDAP server is configured to query with a password. |
Manager Password |
Enter a password for the user specified in the Manager DN field. |
Verify SSL Cert |
Click the check box to indicate whether the certificate of the LDAP server is to be validated. |
CA Certificates |
Enter the Privacy Encoded Mail (PEM)-coded certificates from the certificate authority. Enter each certificate in a new line. |