You can use Quest Identity Broker (QIB) to enable users to log in to the Administrator Console and User Console using credentials from third-party identity providers, such as your organization's Identity Provider and Microsoft Azure™ Active Directory.
QIB can be enabled for a single organization only. If the Organization component is enabled on your appliance, you can enable QIB for the default organization only. To use single sign on with multiple organizations, use Active Directory authentication. See Configure Active Directory as the single sign on method.
1.
   ◦ If the Organization component is not enabled on the appliance, log in to the K1000 Administrator Console, http://K1000_hostname/admin, then click Settings.
   ◦ If the Organization component is enabled on the appliance, log in to the K1000 System Administration Console, http://K1000_hostname/system, or select System in the drop-down list in the top-right corner of the page, then click Settings.
2. In the Single Sign On section of the Security Settings page, select Quest Identity Broker, then provide the following information:
The URL associated with your K1000 appliance. This URL is created automatically during appliance configuration. To enable QIB, contact Quest Support and provide this URL to obtain the Relying Party Identifier for your appliance.
A unique identifier provided by Quest Support to enable QIB. This identifier determines which identity provider, such as your organization's Identity Provider or Microsoft Azure Active Directory, is used for authentication. You must provide your Web Server Assertion Consuming Service URL to Quest Support to receive this identifier.
Users requesting single sign on access are automatically granted access to the K1000 User Console if they are authenticated by the third-party identity provider. Accounts for these users are created automatically on the K1000 appliance.
Administrators must approve access requests before users can access the K1000 Administrator Console or User Console. When users attempt to sign on to the K1000 using third-party credentials, the K1000 creates approval requests. When administrators log in to the Administrator Console, a notification stating that approval requests are pending appears on the information bar at the top of the Dashboard page. When administrators approve requests, user accounts are created on the K1000 appliance and users can access the K1000 Administrator Console or User Console.
3.
The certificate used to verify communications with the identity provider.
4.
You can generate a self-signed SSL certificate, or generate a certificate signing request for third-party certificates, using the Administrator Console.
1.
   ◦ If the Organization component is not enabled on the appliance, log in to the K1000 Administrator Console, http://K1000_hostname/admin, then click Settings.
   ◦ If the Organization component is enabled on the appliance, log in to the K1000 System Administration Console, http://K1000_hostname/system, or select System in the drop-down list in the top-right corner of the page, then click Settings.
2.
3.
4.
NOTE: If a certificate signing request has previously been generated, it appears on the page. To generate a new request, you need to update the information in the Configure section, then click Save before you click Generate Self-Signed Certificate.
5.
The common name of the appliance you are creating the SSL certificate for.
6.
   1. Copy all of the text in the Certificate Signing Request section, including the lines "-----BEGIN CERTIFICATE REQUEST-----" and "-----END CERTIFICATE REQUEST-----" and everything in between, then send it to the certificate issuer or the person who provides your company with web server certificates.
   2. When you receive a certificate from the third party, return to the Security Settings page and upload the certificate. See Configure security settings for the appliance.
   1. Click Generate Self-Signed Certificate to generate and display the certificate below the Certificate Signing Request section.
   2.
   3.
NOTE: Your private key appears in the Private Key field. It is deployed to the appliance when you deploy a valid certificate. Do not send the private key to anyone. It is displayed here in case you want to deploy this certificate to another web server.
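The following Python function is an added example, not part of the Quest documentation or the appliance's own code. It checks text copied from the Certificate Signing Request section before it goes to the issuer: both marker lines must be present, the body must decode to one complete DER structure, and no private key block may have been copied along with it. The names `check_csr_text` and `make_pem` are hypothetical, and the sample inputs are constructed stand-ins rather than real requests or keys. This is a structural check only and does not verify the request's signature.

```python
import base64
import re

# Added example; function names and sample data are assumptions, not K1000 code.
# One PEM block; the labels on the BEGIN and END lines must agree.
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z ]+)-----(.*?)-----END \1-----", re.DOTALL)

def check_csr_text(text):
    """Return a list of problems; an empty list means the text is safe to send."""
    problems = []
    # Any private-key marker, even from a half-copied block, blocks the send.
    if "PRIVATE KEY-----" in text:
        problems.append("private key material present")
    bodies = [body for label, body in PEM_BLOCK.findall(text)
              if label == "CERTIFICATE REQUEST"]
    if len(bodies) != 1:
        # A missing BEGIN or END line leaves no complete block to match.
        problems.append("need exactly one complete CERTIFICATE REQUEST block")
        return problems
    try:
        der = base64.b64decode("".join(bodies[0].split()), validate=True)
    except ValueError:
        problems.append("request body is not valid base64")
        return problems
    # A PKCS#10 request is one DER SEQUENCE (tag 0x30) spanning the whole body.
    if len(der) < 2 or der[0] != 0x30:
        problems.append("request body is not a DER SEQUENCE")
        return problems
    if der[1] < 0x80:                      # short-form length
        header, length = 2, der[1]
    else:                                  # long-form: next n bytes hold the length
        n = der[1] & 0x7F
        header, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    if header + length != len(der):
        problems.append("DER length mismatch: text was truncated or padded")
    return problems

def make_pem(label, der):
    """Wrap DER bytes in PEM armor (helper for the constructed samples)."""
    b64 = base64.encodebytes(der).decode()
    return "-----BEGIN %s-----\n%s-----END %s-----\n" % (label, b64, label)

# Constructed stand-ins, not real requests or keys: a 12-byte DER SEQUENCE.
SAMPLE_DER = b"\x30\x0c" + b"constructed!"
GOOD = make_pem("CERTIFICATE REQUEST", SAMPLE_DER)
NO_BEGIN = GOOD.split("\n", 1)[1]                       # BEGIN line not copied
CUT_SHORT = make_pem("CERTIFICATE REQUEST", SAMPLE_DER[:-3])
WITH_KEY = GOOD + make_pem("PRIVATE KEY", SAMPLE_DER)   # key pasted with the request
```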
Konea provides optimized real-time communications for systems-management operations.
© 2021 Quest Software Inc. ALL RIGHTS RESERVED.