Table of contents Integrate Single Sign-On (SSO) Access to Aternity Configure SSO access to Aternity in the Integration Settings page. Single Sign-On (SSO) allows you to bypass Aternity's sign in screen, by authenticating just once with your enterprise's chosen identity provider (IdP). Every time you access Aternity, it automatically reroutes you to the IdP, and then after authentication, it automatically routes you back to your Aternity home page as a signed in user. As such, the IdP manages the entire authentication process, which can include two-factor authentication, biometrics, or a simple password, hence Aternity does not store any passwords in the system. Access your Aternity homepage using SSO When setting up SSO access with Aternity, you provide a custom subdomain to add to Aternity's web address to access the system, like https://sso.aternity.mycompany.com, where the subdomain usually indicates this is the SSO access point, or another name containing alphanumeric characters only. To access Aternity with SSO, configure your IdP to accept authentication requests from Aternity. We support one or both of the following access methods: Enter a customized Aternity URL (https://sso.aternity.mycompany.com), to automatically redirect to the IdP for sign in, and then return to Aternity as a signed in user (known as SP-redirect via SP-initiated SSO). Users who already signed in to the IdP can select Aternity from the IdP portal, which redirects them to Aternity as a signed in user (POST bindings). If you need to re-authenticate while using Aternity, for example, if you have been inactive for too long, the system offers you to sign in again via the IdP, and then returns you to the page you accessed last. Before you begin To use SSO with Aternity, you have to use an identity provider (IdP) which: Supports SAML 2.0. Sends the username or user's email address to Aternity as the main identifier of the user. Important This must match the Aternity username, after completing the authentication process. If you are using Microsoft's Active Directory Federation Services (AD FS) as your IdP, complete the prerequisites in Configure Single Sign-On (SSO) to use your Active Directory (ADFS) as your Identity Provider ProcedureStep 1 Open a browser and sign in to Aternity. Step 2 View Aternity's integration with other enterprise systems by selecting the Gear Icon > Integration Settings. Enable SSO by toggling the switch to SAML 2.0 Settings for Single Sign On > ON. Integrate Aternity with other enterprise systems Field Description Subdomain Enter a custom subdomain to add to Aternity's web address to access the system, like https://sso.aternity.mycompany.com, where the subdomain usually indicates this is the SSO access point, or another name containing alphanumeric characters only. SP Entity ID Displays the customized URL to access Aternity via SSO, like https://sso.aternity.mycompany.com. SP Consumer URL Displays the URL where users are redirected after successful authentication (also known as the ACS or Assertion Consumer Service). Sign AuthnRequest If you are using AD FS as your IdP, toggle this field to OFF. Step 3 Send the two SSO URLs, SP Identity ID and Consumer URL to your IdP's settings. Tip If you use Active DIrectory as your IdP, enter these URLs in AD FS. Learn more. Step 4 Ask for XML metadata from your IdP, and paste it in IdP Metadata. It may also contain the certificate of your IdP. Tip If you use Active DIrectory as your IdP, find the metadata from this link: https://<ADFS_hostname>/FederationMetadata/2007-06/FederationMetadata.xml. For example, if the server hostname is srv1.emea.mycompany.com, the link would be https://srv1.emea.mycompany.com/FederationMetadata/2007-06/FederationMetadata.xml. Example of the IdP XML metadata you must provide Step 5 Define the privileges of all SSO users by adding them as SAML users inside Aternity by adding an SSO user. Tip If these users already exist as local users, you can switch them to SAML users. Add an SSO user to Aternity Step 6 As an SSO user, access Aternity. Enter the SSO address, like https://sso.aternity.mycompany.com, where the subdomain usually indicates this is the SSO access point Access your Aternity homepage using SSO Step 7 To send a REST API query in Excel, PowerBI or a browser, enter an Aternity username which has the OData Role privilege, and its password. For SSO users, generate your own Aternity REST API password by selecting User icon > REST API Password. For LDAP users, enter the domain name, then a backslash ('\'), then your network username and password. For example domain_name\jsmith Learn more. Access data using the OData interface by sending a URL and receiving data in XML or JSON formats Configure Single Sign-On (SSO) to use your Active Directory (ADFS) as your Identity ProviderParent topic Integrate Aternity with SteelCentral Suite and Other Systems (Integration Settings)Related tasksConnect SteelCentral Portal to the Aternity Data SourceTroubleshoot Server Times by Integrating with SteelCentral AppInternalsTroubleshoot a Device's Network Connections by Linking to SteelCentral NetProfilerConnect Email Server to AternityConnect Aternity to your Active Directory (LDAP)Configure Aternity with a Ticketing System (SNMP Trap Manager) SavePDF Selected topic Selected topic and subtopics All content Related Links
Integrate Single Sign-On (SSO) Access to Aternity Configure SSO access to Aternity in the Integration Settings page. Single Sign-On (SSO) allows you to bypass Aternity's sign in screen, by authenticating just once with your enterprise's chosen identity provider (IdP). Every time you access Aternity, it automatically reroutes you to the IdP, and then after authentication, it automatically routes you back to your Aternity home page as a signed in user. As such, the IdP manages the entire authentication process, which can include two-factor authentication, biometrics, or a simple password, hence Aternity does not store any passwords in the system. Access your Aternity homepage using SSO When setting up SSO access with Aternity, you provide a custom subdomain to add to Aternity's web address to access the system, like https://sso.aternity.mycompany.com, where the subdomain usually indicates this is the SSO access point, or another name containing alphanumeric characters only. To access Aternity with SSO, configure your IdP to accept authentication requests from Aternity. We support one or both of the following access methods: Enter a customized Aternity URL (https://sso.aternity.mycompany.com), to automatically redirect to the IdP for sign in, and then return to Aternity as a signed in user (known as SP-redirect via SP-initiated SSO). Users who already signed in to the IdP can select Aternity from the IdP portal, which redirects them to Aternity as a signed in user (POST bindings). If you need to re-authenticate while using Aternity, for example, if you have been inactive for too long, the system offers you to sign in again via the IdP, and then returns you to the page you accessed last. Before you begin To use SSO with Aternity, you have to use an identity provider (IdP) which: Supports SAML 2.0. Sends the username or user's email address to Aternity as the main identifier of the user. Important This must match the Aternity username, after completing the authentication process. If you are using Microsoft's Active Directory Federation Services (AD FS) as your IdP, complete the prerequisites in Configure Single Sign-On (SSO) to use your Active Directory (ADFS) as your Identity Provider ProcedureStep 1 Open a browser and sign in to Aternity. Step 2 View Aternity's integration with other enterprise systems by selecting the Gear Icon > Integration Settings. Enable SSO by toggling the switch to SAML 2.0 Settings for Single Sign On > ON. Integrate Aternity with other enterprise systems Field Description Subdomain Enter a custom subdomain to add to Aternity's web address to access the system, like https://sso.aternity.mycompany.com, where the subdomain usually indicates this is the SSO access point, or another name containing alphanumeric characters only. SP Entity ID Displays the customized URL to access Aternity via SSO, like https://sso.aternity.mycompany.com. SP Consumer URL Displays the URL where users are redirected after successful authentication (also known as the ACS or Assertion Consumer Service). Sign AuthnRequest If you are using AD FS as your IdP, toggle this field to OFF. Step 3 Send the two SSO URLs, SP Identity ID and Consumer URL to your IdP's settings. Tip If you use Active DIrectory as your IdP, enter these URLs in AD FS. Learn more. Step 4 Ask for XML metadata from your IdP, and paste it in IdP Metadata. It may also contain the certificate of your IdP. Tip If you use Active DIrectory as your IdP, find the metadata from this link: https://<ADFS_hostname>/FederationMetadata/2007-06/FederationMetadata.xml. For example, if the server hostname is srv1.emea.mycompany.com, the link would be https://srv1.emea.mycompany.com/FederationMetadata/2007-06/FederationMetadata.xml. Example of the IdP XML metadata you must provide Step 5 Define the privileges of all SSO users by adding them as SAML users inside Aternity by adding an SSO user. Tip If these users already exist as local users, you can switch them to SAML users. Add an SSO user to Aternity Step 6 As an SSO user, access Aternity. Enter the SSO address, like https://sso.aternity.mycompany.com, where the subdomain usually indicates this is the SSO access point Access your Aternity homepage using SSO Step 7 To send a REST API query in Excel, PowerBI or a browser, enter an Aternity username which has the OData Role privilege, and its password. For SSO users, generate your own Aternity REST API password by selecting User icon > REST API Password. For LDAP users, enter the domain name, then a backslash ('\'), then your network username and password. For example domain_name\jsmith Learn more. Access data using the OData interface by sending a URL and receiving data in XML or JSON formats Configure Single Sign-On (SSO) to use your Active Directory (ADFS) as your Identity ProviderParent topic Integrate Aternity with SteelCentral Suite and Other Systems (Integration Settings)Related tasksConnect SteelCentral Portal to the Aternity Data SourceTroubleshoot Server Times by Integrating with SteelCentral AppInternalsTroubleshoot a Device's Network Connections by Linking to SteelCentral NetProfilerConnect Email Server to AternityConnect Aternity to your Active Directory (LDAP)Configure Aternity with a Ticketing System (SNMP Trap Manager)
Integrate Single Sign-On (SSO) Access to Aternity Configure SSO access to Aternity in the Integration Settings page. Single Sign-On (SSO) allows you to bypass Aternity's sign in screen, by authenticating just once with your enterprise's chosen identity provider (IdP). Every time you access Aternity, it automatically reroutes you to the IdP, and then after authentication, it automatically routes you back to your Aternity home page as a signed in user. As such, the IdP manages the entire authentication process, which can include two-factor authentication, biometrics, or a simple password, hence Aternity does not store any passwords in the system. Access your Aternity homepage using SSO When setting up SSO access with Aternity, you provide a custom subdomain to add to Aternity's web address to access the system, like https://sso.aternity.mycompany.com, where the subdomain usually indicates this is the SSO access point, or another name containing alphanumeric characters only. To access Aternity with SSO, configure your IdP to accept authentication requests from Aternity. We support one or both of the following access methods: Enter a customized Aternity URL (https://sso.aternity.mycompany.com), to automatically redirect to the IdP for sign in, and then return to Aternity as a signed in user (known as SP-redirect via SP-initiated SSO). Users who already signed in to the IdP can select Aternity from the IdP portal, which redirects them to Aternity as a signed in user (POST bindings). If you need to re-authenticate while using Aternity, for example, if you have been inactive for too long, the system offers you to sign in again via the IdP, and then returns you to the page you accessed last. Before you begin To use SSO with Aternity, you have to use an identity provider (IdP) which: Supports SAML 2.0. Sends the username or user's email address to Aternity as the main identifier of the user. Important This must match the Aternity username, after completing the authentication process. If you are using Microsoft's Active Directory Federation Services (AD FS) as your IdP, complete the prerequisites in Configure Single Sign-On (SSO) to use your Active Directory (ADFS) as your Identity Provider ProcedureStep 1 Open a browser and sign in to Aternity. Step 2 View Aternity's integration with other enterprise systems by selecting the Gear Icon > Integration Settings. Enable SSO by toggling the switch to SAML 2.0 Settings for Single Sign On > ON. Integrate Aternity with other enterprise systems Field Description Subdomain Enter a custom subdomain to add to Aternity's web address to access the system, like https://sso.aternity.mycompany.com, where the subdomain usually indicates this is the SSO access point, or another name containing alphanumeric characters only. SP Entity ID Displays the customized URL to access Aternity via SSO, like https://sso.aternity.mycompany.com. SP Consumer URL Displays the URL where users are redirected after successful authentication (also known as the ACS or Assertion Consumer Service). Sign AuthnRequest If you are using AD FS as your IdP, toggle this field to OFF. Step 3 Send the two SSO URLs, SP Identity ID and Consumer URL to your IdP's settings. Tip If you use Active DIrectory as your IdP, enter these URLs in AD FS. Learn more. Step 4 Ask for XML metadata from your IdP, and paste it in IdP Metadata. It may also contain the certificate of your IdP. Tip If you use Active DIrectory as your IdP, find the metadata from this link: https://<ADFS_hostname>/FederationMetadata/2007-06/FederationMetadata.xml. For example, if the server hostname is srv1.emea.mycompany.com, the link would be https://srv1.emea.mycompany.com/FederationMetadata/2007-06/FederationMetadata.xml. Example of the IdP XML metadata you must provide Step 5 Define the privileges of all SSO users by adding them as SAML users inside Aternity by adding an SSO user. Tip If these users already exist as local users, you can switch them to SAML users. Add an SSO user to Aternity Step 6 As an SSO user, access Aternity. Enter the SSO address, like https://sso.aternity.mycompany.com, where the subdomain usually indicates this is the SSO access point Access your Aternity homepage using SSO Step 7 To send a REST API query in Excel, PowerBI or a browser, enter an Aternity username which has the OData Role privilege, and its password. For SSO users, generate your own Aternity REST API password by selecting User icon > REST API Password. For LDAP users, enter the domain name, then a backslash ('\'), then your network username and password. For example domain_name\jsmith Learn more. Access data using the OData interface by sending a URL and receiving data in XML or JSON formats Configure Single Sign-On (SSO) to use your Active Directory (ADFS) as your Identity ProviderParent topic Integrate Aternity with SteelCentral Suite and Other Systems (Integration Settings)Related tasksConnect SteelCentral Portal to the Aternity Data SourceTroubleshoot Server Times by Integrating with SteelCentral AppInternalsTroubleshoot a Device's Network Connections by Linking to SteelCentral NetProfilerConnect Email Server to AternityConnect Aternity to your Active Directory (LDAP)Configure Aternity with a Ticketing System (SNMP Trap Manager)