Follow the steps below to create a logon procedure, Application and SSO IDP and SP configuration on DualShield.
Add a Logon Procedure:
Log on to the DualShield Administration Console and go to Authentication>Logon Procedure
Click on on the top right.
In the new Logon Procedure window, please enter the following information:
Option | Value |
---|---|
Name: | Enter a friendly name |
Type: | Web SSO |
Click: Save
Add Logon Steps
Select the drop down menu corresponding to the Logon Procedure you will be using and click on Logon Steps.
In the Logon Steps Dialogue box, click the button.
Tick the desired authentication method, e.g. Static Password
Click Save.
Repeat to add extra steps.
Create an Application
Authentication> Applications
Click on on the top right.
In the new Application window, please enter the following information:
Option | Value |
---|---|
Name: | Enter a friendly name |
Realm: | Select your Realm |
Logon Procedure: | Select the Logon Procedure you had created in the previous step |
Click: Save
Click Save
Bind the Application to an SSO Server Agent
Click the button under the Agents column on the same row as the application you will be using.
Tick the box of the SSO Server you will be using and click Save below.
Create a Service Provider Profile
Go to SSO>Service Providers
Click on on the top right.
Fill in the details as per screenshot on right and make sure you select SAML 2.0 as Type, and click on Create Metadata
Copy and paste the following metadata into the Metadata dialogue box:
<SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://www.imanageshare.com/authn/trusted-relay"/>
<NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
<NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</NameIDFormat>
<NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
<AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://www.imanageshare.com/authn/trusted-relay" index="0" isDefault="true"/>
</SPSSODescriptor>
</EntityDescriptor>
Enable the following SAML Options including Support IDP Initiated Logon
Select Attributes at the top and then click Create
You have to create five attributes.
The first one is as follows:
Option | Value |
---|---|
Location: | HTTP Body |
Name: | objectGUID |
Format: | basic |
Script: | userID.decodeHex().encodeBase64().toString() |
Return in Response: | Enabled |
Click Save.
Click Create to create the second attribute...
Option | Value |
---|---|
Location: | HTTP Body |
Name: | first_name |
Format: | unspecified |
Maps To: | firstName |
Return in Response: | Enabled |
Click Save.
Click Create to create the third attribute...
Option | Value |
---|---|
Location: | HTTP Body |
Name: | last_name |
Format: | unspecified |
Maps To: | lastName |
Return in Response: | Enabled |
Click Save.
Click Create to create the fourth attribute...
Option | Value |
---|---|
Location: | HTTP Body |
Name: | uid |
Format: | unspecified |
Maps to: | userPrincipleName |
Return in Response: | Enabled |
Click Save.
Click Create to create the fifth attribute...
Option | Value |
---|---|
Location: | HTTP Body |
Name: | aid |
Format: | unspecified |
Fixed Value: * | xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx |
Return in Response: | Enabled |
*Replace xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx with the Company ID value from iManage Share.
Click Save.
Click Save again.
Download the IDP Metadata file.
Go to SSO>SSO Servers
Select the drop-down menu corresponding to the SSO server you will be using and click on Download IDP Certificate.