Follow the steps below to create a logon procedure, Application and SSO IDP and SP configuration on DualShield.
Add a Logon Procedure:
Log on to the DualShield Administration Console and go to Authentication>Logon Procedure
Click on 
on the top right.
In the new Logon Procedure window, please enter the following information:
| Option | Value |
|---|---|
| Name: | Enter a friendly name |
| Type: | Web SSO |
Click: Save
Add Logon Steps
Select the drop down menu corresponding to the Logon Procedure you will be using and click on Logon Steps.
In the Logon Steps Dialogue box, click the 
button.
Tick the desired authentication method, e.g. Static Password
Click Save.
Repeat to add extra steps.
Create an Application
Authentication> Applications
Click on on the top right.
In the new Application window, please enter the following information:
| Option | Value |
|---|---|
| Name: | Enter a friendly name |
| Realm: | Select your Realm |
| Logon Procedure: | Select the Logon Procedure you had created in the previous step |
Click: Save
Bind the Application to an SSO Server Agent
Select the drop down menu corresponding to the Application you will be using and click on Agents.
Tick the box of the SSO Server you will be using and click Save below.
Create a Service Provider Profile
Go to SSO>Service Providers
Click on on the top right.
Fill in the details as per screenshot on right using the following values
| Option | Value |
|---|---|
| Type: | OpenID Connect |
| SSO Server: | Select the SSO server you applied as the aplication agent. (see above) |
| Application: | Select the name of the Application from the drop down list |
| Name | Type a frienly name to identify which application this Serrvice Provider will be associated with |
| NameID Format | Keep as SAM Account Name |
Expand the BASIC tab and set the values below, leaving the remainining default values.
| Option | Value |
|---|---|
| Redirect URIs: | https://x.x.x.x:5176/oidcauth |
| Post Logout Redirect URIs: | https://x.x.x.x:5176/login.html |
*Replace the x.x.x.x with the IP of the ConsoleWorks server.
Scroll down to the next value
Click Save.
Obtain the OIDC Authorization Endpoint URL
Go to SSO>SSO Servers
Select the drop down menu corresponding to the SSO server you will be using and click on Edit
Click on the OpenID Connect tab and copy out the Discovery URL.
If the URLs are not displaying click on the LOAD DEFAULT button first.
Click Save.
Check the endpoint can be discovered on the ConsoleWorks server
Open a browser on the ConsoleWorks Server and paste in the Discovery URL. You should see something similar to the picture.
If the URL cannot be reached, then you need to fix this first before moving on to the next section.
