Authentication Configuration
See Setting Up Users for Authentication for more information.
In the Login for External Auth field, enter the UPN name of the Active Directory user from the ADFS computer (for example, firstname.lastName@frontrange.com).
Users who do not have employee records can be created when logging in via ADFS/SAML or Open ID if auto provisioning is selected in the authentication provider record. See Setting Up Authentication for Open ID and Setting Up Authentication for ADFS/SAML.
1. Within HEAT, click Get ADFS Certificate, as described in Authentication Configuration or for SAML, Authentication Configuration.
2. Go back to your ADFS/SAML server and open the certificate to do some configuration, as described in Authentication Configuration.
3. Get the certificate for use in HEAT, and save it locally, as described in Authentication Configuration.
4. Within HEAT, set up ADFS/SAML authentication and click the Certificate link to browse to the saved certificate and upload it, as described in Setting Up Authentication for ADFS/SAML.
5. Finally, make sure that you have set up users to use authentication, as described in Setting Up Users for Authentication.
6. See the sample URL for logging in using authentication in Logging In or Accessing Records Using URLs.
1. Paste the relying party URL (copied in the previous step) into the Identity Server URL field in HEAT.
2. Click the Add Certificate link to upload the certificate you downloaded and saved earlier.
3. Configure the other fields, as described in Setting Up Authentication for ADFS/SAML.
Following is a sample Okta configuration SAML provider record:
To test your configuration, go back to the Okta My Applications page and click the tenant link that you created. The HEAT login page should appear.
Next:
- Ensure that your users can use authentication.
- Users can click a link on the HEAT login page that directs them to their identity provider website and log in to HEAT from there, or they can use authentication to log in from a URL sent via email.