Follow the steps below to create a logon procedure, Application and SSO IDP and SP configuration on DualShield.

Add a Logon Procedure:


Log on to the DualShield Administration Console and go to Authentication>Logon Procedure 





Click on  on the top right.


In the new Logon Procedure window, please enter the following information:

OptionValue
Name:Enter a friendly name
Type:Web SSO

Click: Save






Add Logon Steps


Select the drop down menu corresponding to the Logon Procedure you will be using and click on Logon Steps.





In the Logon Steps Dialogue box, click the  button.


Tick the desired authentication method, e.g. Static Password






Click Save.


Repeat to add extra steps.


I have added two steps; Static Password and One-Time Password



 




Create an Application


Authentication> Applications





Click on  on the top right.



In the new Application window, please enter the following information:

OptionValue
Name:Enter a friendly name
Realm:Select your Realm
Logon Procedure:

Select the Logon Procedure you had created in the previous step

Click: Save





Click Save


Bind the Application to an SSO Server Agent



Click the button under the Agents column on the same row as the application you will be using.







Tick the box of the SSO Server you will be using and click Save below.





Create a Service Provider Profile



Go to SSO>Service Providers





Click on  on the top right.



Fill in the details as per screenshot on right and make sure you select SAML 2.0 as Type, and click on Create Metadata








Copy and paste the following metadata into the Metadata dialogue box:


<EntityDescriptor entityID="https://www.imanageshare.com/authn/trusted-relay" xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
        <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://www.imanageshare.com/authn/trusted-relay"/>
        <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
        <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</NameIDFormat>
        <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
        <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://www.imanageshare.com/authn/trusted-relay" index="0" isDefault="true"/>
    </SPSSODescriptor>
</EntityDescriptor>








Enable the following SAML Options including Support IDP Initiated Logon







Select Attributes at the top and then click Create








You have to create five attributes.

The first one is as follows:


OptionValue
Location:HTTP Body
Name:objectGUID
Format:basic
Script:userID.decodeHex().encodeBase64().toString()
Return in Response:Enabled







Click Save.



Click Create to create the second attribute...


OptionValue
Location:HTTP Body
Name:first_name
Format:unspecified
Maps To:firstName
Return in Response:Enabled








Click Save.



Click Create to create the third attribute...


OptionValue
Location:HTTP Body
Name:last_name
Format:unspecified
Maps To:lastName
Return in Response:Enabled








Click Save.



Click Create to create the fourth attribute...


OptionValue
Location:HTTP Body
Name:uid
Format:unspecified
Maps to:userPrincipleName
Return in Response:Enabled







Click Save.


Click Create to create the fifth attribute...


OptionValue
Location:HTTP Body
Name:aid
Format:unspecified
Fixed Value: *xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
Return in Response:Enabled

*Replace xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx with the Company ID value from iManage Share.






Click Save.



Click Save again.  







Download the IDP Metadata file.


Go to SSO>SSO Servers







Select the drop-down menu corresponding to the SSO server you will be using and click on Download IDP Certificate.