a. |
b. |
c. |
d. |
In the newly created App Registration, on the Endpoints page, copy the contents of the Federation metadata document field. |
3. |
Log in to the appliance Administrator Console, https://appliance_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information. |
4. |
a. |
b. |
On the SAML Settings page, under Security Assertion Markup Language (SAML), select the Enable SAML Service Provider check box. |
5. |
In the Remote Identity Provider (IdP) Settings section, specify your IdP metadata to authenticate users by completing the following steps. |
a. |
b. |
NOTE: To review this information anytime during your SAML configuration, click View Metadata in this section. |
6. |
In the Security Assertion Markup Language (SAML) section, ensure the IdP Does Not Support Passive Authentication check box is selected. |
7. |
In the IdP Attribute Mappings section, select the option that you want to use to grant the SAML user access to the appliance. |
◦ |
Use Local User Table: Relies on the user list stored locally on the appliance. |
◦ |
Use LDAP Lookup: Imports user information from an external LDAP server. For more information, see Using an LDAP server for user authentication. |
◦ |
Select Use SAML, and set the following options: |
◦ |
UID: http://schemas.microsoft.com/identity/claims/objectidentifier |
◦ |
Login: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
◦ |
Name: http://schemas.microsoft.com/identity/claims/displayname |
◦ |
Primary Email: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
8. |
If you selected the Use SAML option, under Role Mapping, specify the following condition for the role that you want to grant to SAML-authenticated users (for example, the Administrator role): |
9. |
Optional. To view the appliance-specific SAML settings on the appliance, in the Local Service Provider (SP) Settings section, click View Metadata, and review the options that appear. |
a. |
c. |
d. |
In the Redirect URIs section, select Web and set it to the SP Assertion Consumer Service (url) value from the SAML Settings page, under Local Service Provider (SP) Settings. |
e. |
In the Advanced settings, set the Logout URL field to the SP SLO Endpoint (url) value from the Local Service Provider (SP) Settings section. |
f. |
In Azure, click Expose an API, and click Set next to Application ID URI. Set this field to the SP Entity Identifier (uri) value from the Local Service Provider (SP) Settings section. |
g. |
In Azure, click Manifest, and in the editor that appears on the right, add or update the "groupMembershipClaims" attribute and set its value to "SecurityGroup" or "All". |
11. |
c. |
To allow the appliance to display the location associated with the logged-in user's public IP address, you must install a location database. See Install and configure the location database.
You can see all sessions on the Recent Sessions page. For a quick list of the latest sessions associated with your user account, use the My Recent Sessions pane. See View a list of user sessions.
User session details include the IP address of the currently logged-in user. This information is displayed on the Recent Sessions page. For public IP addresses you can also display the geographical location associated with a specific IP address, however this requires a location database to be installed on the appliance. You can install the MaxMind Geolocation database free of charge and display user locations for any public IP address.
You can periodically refresh the location database by installing an updated version. While it is possible to install multiple databases over time, the most recently installed database overwrites the contents of the previous version. For example, if a country database is already installed, and you install a city database on the appliance, the Location column on the Recent Sessions page reflects the information from the newly installed city database.
For complete information about MaxMind Geolocation databases, visit https://www.maxmind.com/.
NOTE: To download a database file from MaxMind, start by creating a user profile. You must download a file that uses the MMDB format, not a CSV file. |
◦ |
If the Organization component is not enabled on the appliance, log in to the appliance Administrator Console, https://appliance_hostname/admin, then select Settings > Control Panel. |
◦ |
If the Organization component is enabled on the appliance, log in to the appliance System Administration Console, https://appliance_hostname/system, or select System in the drop-down list in the top-right corner of the page, then select Settings > Control Panel. |
3. |
On the General Settings page that appears, in the Geolocation Lookup Database section, point to the downloaded ZIP file. |
4. |
Next, you can go to the Recent Sessions page and review the location data for the current user. See View a list of user sessions.
You can review user sessions on the appliance. Use the My Recent Sessions pane to see the latest sessions associated with your account. You can also review all sessions that are currently active on the appliance on the Recent Sessions page.
1. |
Log in to the appliance Administrator Console, https://appliance_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information. |
3. |
NOTE: You can delete duplicated sessions by clicking the Delete icon in the Actions column, as needed. |
4. |
To see all sessions that are currently active on the appliance, in the My Recent Sessions pane, click View All Recent Sessions. |
© ALL RIGHTS RESERVED. 使用条款 隐私 Cookie Preference Center