Manage Identity Providers

Routing Director supports Security Assertion Markup Language (SAML) and Lightweight Directory Access Protocol (LDAP) identity providers (IdPs) for authenticating users who log in to Routing Director.

Note:
  • Active Directory is the only directory service supported in this release.

  • You must map the user groups defined in the LDAP server to the roles in Paragon Automation along with configuring LDAP in Routing Director. For information about mapping user groups to roles, see Manage Roles.

Table 1 lists the parameters to add identity providers to an organization.

Table 1: Parameters to Add Identity Providers
Field Description
Name*

Enter a name for the IdP.

For example, juniper_sso

Type* Select the type of IdP. The available options are:
  • SAML (default)—Use this option to allow users to log in by using third-party credentials; for example, credentials to log in to Google.

    See SAML Options to configure SAML in Routing Director.

  • LDAP—Use this option if you have an LDAP directory storing the user authentication and authorization information.

    See LDAP Options to configure LDAP in Routing Director.

SAML Options

Issuer* Enter the unique URL that identifies your SAML IdP. For example, https://sts.windows.net/xxx99xx9x-9xxxx-999999-x9999-xxxxx-9x999999x9x9/
Note:

Ensure that Routing Director is registered with the IdP so that you get the values to input for Issuer.

Name ID Format* Select a unique ID for the user. The options are e-mail and unspecified. If you select e-mail, the IdP uses your e-mail address to authenticate you. If you select unspecified, the IdP generates a unique ID to authenticate you.
Signing Algorithm* Select a signing algorithm from the following:
  • SHA1

  • SHA256 (default)

  • SHA384

  • SHA512

Certificate* Enter the certificate issued by the SAML IdP.
Note:

Ensure that Routing Director is registered with the IdP so that you get the values to input for Certificate.

SSO URL*

Enter the URL to redirect the users to the SAML identity provider for authentication.

For example, https://login.microsoftonline.com/xxx00x0c-0xxx-0000-000x-0x000000x

Custom Logout URL

Enter the URL to redirect the users after logging out.

For example, https://login.microsoftonline.com/xxx00x0c-0xxx-0000-000x-0x000000x

ACS URL

The URL that the IdP should redirect an authenticated user to after signing in. The value is auto-generated and not editable.

For example, https://demo.app.com/api/v1/saml/x0x0x00x00x/login

Single Logout URL

The URL that the IdP should redirect to when a user logs out of an authentication session. The value is auto-generated and not editable.

For example, https://demo.app.com/api/v1/saml/x0x0x00x00x/logout

LDAP Options

Server Host*

Enter the hostname of the LDAP server. For example, 192.0.2.109.

Server Port*

Enter a port number for the LDAP service. For example, 636.

Range - 1 through 65,000

Base DN*

Enter the base distinguished name (DN) within the information tree in the LDAP server. The Base DN is the root tree for LDAP searches.

For example: DC=ldap-server,DC=com

Manager DN

Enter the LDAP account (as a full DN) used to query a user record for password verification and group association. For example, CN=John Doe,CN=Users,DC=example,DC=com

Use this option when the LDAP server is configured to query with a password.

Note:

In this release, LDAP authenticates only the users included in the CN=Users container. For users not in the CN=Users container, there might be authentication errors.

Manager Password

Enter a password for the user specified in the Manager DN field.

Verify SSL Cert

Select the check box to validate the certificate of the LDAP server.

CA Certificates

Enter the Privacy-Enhanced Mail (PEM)-encoded certificates from the certificate authority.

Enter each certificate on a new line.
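
The following pre-flight check is an added example, not Juniper code: it lints a Table 1 parameter set before you enter it in the UI, flagging SHA1 signing, a non-HTTPS SSO URL, disabled LDAP certificate validation, malformed CA Certificates PEM, and a Manager DN without a password. The dictionary keys and both function names are hypothetical, since this page documents UI fields and not an API.

```python
import base64
import re

# Hypothetical keys mirroring the Table 1 fields; this is not a Routing Director API.
REQUIRED = {
    "SAML": ["name", "issuer", "name_id_format", "signing_algorithm", "certificate", "sso_url"],
    "LDAP": ["name", "server_host", "server_port", "base_dn"],
}
BEGIN = "-----BEGIN CERTIFICATE-----"
PEM_BLOCK = re.compile(BEGIN + r"\s+(.+?)\s+-----END CERTIFICATE-----", re.S)

def pem_blocks_ok(text):
    """True if text holds one or more certificate blocks whose bodies are valid base64."""
    bodies = PEM_BLOCK.findall(text or "")
    if not bodies or text.count(BEGIN) != len(bodies):
        return False
    try:
        for body in bodies:
            base64.b64decode("".join(body.split()), validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    return True

def lint_idp(cfg):
    """Return findings for one IdP parameter set; an empty list means nothing was flagged."""
    kind = cfg.get("type", "SAML")  # SAML is the default type in Table 1
    out = [f"missing mandatory field: {k}" for k in REQUIRED.get(kind, []) if not cfg.get(k)]
    if kind == "SAML":
        if cfg.get("signing_algorithm") == "SHA1":
            out.append("SHA1 signing selected; use SHA256 or stronger")
        if cfg.get("sso_url") and not cfg["sso_url"].startswith("https://"):
            out.append("sso_url is not an https URL")
    elif kind == "LDAP":
        port = cfg.get("server_port")
        if port and not 1 <= int(port) <= 65000:  # range as stated in Table 1
            out.append("server_port outside 1 through 65,000")
        if not cfg.get("verify_ssl_cert"):
            out.append("Verify SSL Cert is off; the LDAP server is not authenticated")
        if cfg.get("ca_certificates") and not pem_blocks_ok(cfg["ca_certificates"]):
            out.append("CA Certificates is not well-formed PEM")
        if cfg.get("manager_dn") and not cfg.get("manager_password"):
            out.append("Manager DN set without Manager Password")
    return out

# Constructed sample input; host, port and DNs reuse the examples given in Table 1.
WEAK_LDAP = {"type": "LDAP", "name": "corp_ad", "server_host": "192.0.2.109",
             "server_port": 636, "base_dn": "DC=ldap-server,DC=com",
             "manager_dn": "CN=John Doe,CN=Users,DC=example,DC=com", "verify_ssl_cert": False}
HARDENED_LDAP = dict(WEAK_LDAP, verify_ssl_cert=True, manager_password="<from-secret-store>",
                     ca_certificates=BEGIN + "\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----")
```

`lint_idp(WEAK_LDAP)` reports the disabled certificate validation and the missing manager password, while `lint_idp(HARDENED_LDAP)` returns an empty list. The PEM check covers framing and base64 only; it does not parse the certificate or verify its chain.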

Add an Identity Provider

To add an IdP:
  1. Click Settings Menu > System Settings on the banner.
    The Organization Settings page appears.
  2. Click the Create IDP (+) icon above the Identity Providers table.
    The Create Identity Provider page appears.
  3. Configure the IdP by using the guidelines in Table 1.

    Fields marked * are mandatory.

  4. Click Create.
    The IdP is created and listed in the Identity Providers table.

Edit an Identity Provider

To edit an IdP:
  1. Click Settings Menu > System Settings on the banner.
    The Organization Settings page appears.
  2. Click the IdP you want to edit in the Identity Providers table.
    The Edit Identity Provider page appears.
  3. Edit the IdP by using the guidelines in Table 1.
    Note:

    You cannot edit IdP type, ACS URL, and Single Logout URL.

  4. Click Save.
    You are returned to the Organization Settings page, where you can view the changes in the Identity Providers table.

Delete an Identity Provider

To delete an IdP:
  1. Click Settings Menu > System Settings on the banner.
    The Organization Settings page appears.
  2. Click the IdP that you want to delete.
    The Edit Identity Provider page appears.
  3. Click Delete.
    You are returned to the Organization Settings page, where you can view that the IdP is removed from the Identity Providers table.