Sec/User Mgmt: Configure Single Sign-On

Document created by RSA Information Design and Development on Jan 30, 2020. Last modified by RSA Information Design and Development on Mar 23, 2020.
Version 3

The following workflow describes the tasks to be performed in sequence to configure Single Sign-On authentication on NetWitness Platform.

Configure ADFS as IDP for NetWitness

For instructions on how to configure ADFS as IDP for NetWitness, see the Configure SAML 2.0 provider settings for portals topic in Microsoft documentation.

Map User Roles to External Groups

At least one Active Directory group should be mapped to an administrator role in NetWitness Platform. For instructions on how to map user roles to Active Directory groups, see (Optional) Map User Roles to External Groups.

Enable Single Sign-On

  1. In NetWitness Platform, go to Admin > Security.
    The Security view is displayed with the Users tab open.
  2. Click the Single Sign-On Settings tab.
  3. Select the Enable SSO checkbox.
  4. Select the Auto Import IDP Metadata checkbox if you want the latest IDP metadata to be downloaded automatically at regular intervals.
    When you select this checkbox, a Metadata URL field is displayed, where you must enter the IDP metadata URL.

  5. Select the Use proxy checkbox to route requests to the IDP through the proxy configured in Admin > System > HTTP Proxy settings.
  6. Select Import IDP Metadata to manually import the metadata and enter the IDP metadata URL.
    Note: Make sure you update the link every time the IDP metadata is updated.
  7. Enter a unique entity ID to identify the NetWitness instance in the Identity Provider.
  8. (Optional) Select the Enable Global Logout checkbox if you want to be logged out of NetWitness Platform along with all the other associated sessions authenticated by IDP.
  9. Click Apply.
    This may take some time; however, we recommend that you restart the admin-server immediately. To export the metadata in XML format, either click the link in the notification tray and download the metadata, or click Export Service Provider Metadata.

Note: The exported Service Provider metadata must be imported into the IDP. For more information, see the Configure SAML 2.0 provider settings for portals topic in Microsoft documentation.
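
Before importing or re-importing IDP metadata (steps 4 and 6), it helps to confirm what the file actually declares. The following is an added example, not RSA or Microsoft code: it parses a SAML 2.0 metadata document, lists the entity ID, endpoints and signing-certificate fingerprints, and flags non-HTTPS endpoints, a signing certificate that differs from a pinned value, and a missing logout endpoint when Enable Global Logout is wanted. The function names, the host adfs.example.test and the certificate bytes are assumptions constructed for illustration.

```python
import base64, hashlib
import xml.etree.ElementTree as ET  # stdlib parser; prefer defusedxml for files fetched over the network

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample metadata: host, entity ID and certificate bytes are placeholders.
SAMPLE_CERT_B64 = base64.b64encode(b"constructed-placeholder-certificate").decode()
SAMPLE_IDP_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="http://adfs.example.test/adfs/services/trust">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{SAMPLE_CERT_B64}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://adfs.example.test/adfs/ls/"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def summarize_idp_metadata(xml_text):
    """Return entity ID, endpoints and signing-certificate fingerprints."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this is not IDP metadata")
    # A KeyDescriptor without a "use" attribute applies to signing as well.
    certs = [c for kd in idp.findall("md:KeyDescriptor", NS)
             if kd.get("use") in (None, "signing")
             for c in kd.iterfind(".//ds:X509Certificate", NS)]
    return {
        "entity_id": root.get("entityID"),
        "sso": [e.get("Location") for e in idp.findall("md:SingleSignOnService", NS)],
        "slo": [e.get("Location") for e in idp.findall("md:SingleLogoutService", NS)],
        "signing_sha256": sorted(
            hashlib.sha256(base64.b64decode("".join(c.text.split()))).hexdigest()
            for c in certs),
    }

def review_idp_metadata(xml_text, pinned_sha256, global_logout=False):
    """List findings to resolve before importing the metadata."""
    info, findings = summarize_idp_metadata(xml_text), []
    if not info["sso"]:
        findings.append("no SingleSignOnService endpoint")
    findings += [f"endpoint not HTTPS: {u}" for u in info["sso"] + info["slo"]
                 if not u.lower().startswith("https://")]
    if set(info["signing_sha256"]) != set(pinned_sha256):
        findings.append("signing certificate differs from pinned value")
    if global_logout and not info["slo"]:
        findings.append("Enable Global Logout selected but IDP has no SingleLogoutService")
    return findings
```

Keep the fingerprints returned for a known-good metadata file as the pinned value, and treat a mismatch on a later download as a change to confirm with the IDP administrator before importing.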
