(Optional) Check the "Require SAML Login" box. (If set, users will only be allowed to use SAML to access the SMA. Local logins will be denied for all users except for the Primary Admin user and the KACE Support account, the latter only when a Support Tether is active.)
Select "IdP Does Not Support Passive Authentication".
Scroll down to “Local Service (SP) Settings” and click on “View Metadata”.
Copy the links below “SP Assertion Consumer Service (url)” and “SP Entity Identifier (uri)”; you will need these links in the next steps in Azure. Make sure that all the links are "secure", shown as “https”. Add the “s” manually if a link is shown as “http”.
Stand by in KACE SMA and let's move to the steps in Azure.
In OneLogin
Add a new application, and search for "SAML Custom Connector (Advanced)".
Set the Name of your Application and click SAVE.
Click on the Configuration Section.
In the Audience (EntityID) field, paste the SP Entity Identifier (uri) from the SMA.
In the ACS (Consumer) URL Validator and the ACS (Consumer) URL fields, paste the SP Assertion Consumer Service (url) from the SMA.
In the Single Logout URL field, paste the SP SLO Endpoint (url) from the SMA.
Click on Save.
Click on the Parameter Section.
Create the attributes you will be sending to the SMA by clicking on the plus sign next to SAML Custom Connector (Advanced) Field. (Please check the box to Include in SAML assertion for every attribute.)
Click on Save.
Remember to grant the users access to the application in OneLogin.
Click on the SSO Section and copy the Issuer URL.
Back to KACE SMA
Paste the Issuer URL from OneLogin into the IdP Metadata URL field on the SMA and click on Import IdP Metadata.
Click on Save.
In the IdP Attribute Mapping section, use the attributes created in OneLogin to correctly map the information sent from the IdP to the KACE SMA.
In the Role Mapping section, use the attribute created in OneLogin to correctly assign Roles to the users who log in to the KACE SMA.
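
The https check from the "View Metadata" step can be scripted. The following is an added example, not part of the original article or of KACE's own tooling: it assumes the SP metadata is available as standard SAML 2.0 metadata XML, extracts the three values pasted into OneLogin, and flags any that are not https. The sample metadata and the sma.example.test hostname are constructed.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD}

# Constructed sample SP metadata; the hostname is a placeholder, not from the article.
SAMPLE_SP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="http://sma.example.test/saml/metadata">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://sma.example.test/saml/slo"/>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="http://sma.example.test/saml/acs" index="0"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def sp_endpoints(metadata_xml):
    """Return the three SP values the OneLogin Configuration section asks for."""
    # Input is metadata from your own appliance; use defusedxml for untrusted XML.
    root = ET.fromstring(metadata_xml)
    if root.tag != f"{{{MD}}}EntityDescriptor":
        raise ValueError("not a SAML EntityDescriptor")
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        raise ValueError("metadata has no SPSSODescriptor")
    acs = sp.find("md:AssertionConsumerService", NS)
    slo = sp.find("md:SingleLogoutService", NS)
    return {
        "SP Entity Identifier (uri)": root.get("entityID"),
        "SP Assertion Consumer Service (url)": acs.get("Location") if acs is not None else None,
        "SP SLO Endpoint (url)": slo.get("Location") if slo is not None else None,
    }


def insecure_endpoints(endpoints):
    """Names of values that are missing or not https, i.e. need fixing before use."""
    return [name for name, url in endpoints.items()
            if not url or urlsplit(url).scheme.lower() != "https"]


def force_https(endpoints):
    """Apply the article's manual fix: rewrite an http scheme to https."""
    fixed = {}
    for name, url in endpoints.items():
        parts = urlsplit(url) if url else None
        fixed[name] = parts._replace(scheme="https").geturl() if parts and parts.scheme == "http" else url
    return fixed
```

Run `insecure_endpoints(sp_endpoints(xml_text))` on the metadata before pasting values into OneLogin; an empty list means every link is already https.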