Set Up Single Sign-On Authentication

Note: In 11.4 or later, Single Sign-On (SSO) authentication can be used to access the UI; however, only one Active Directory is supported. SSO authentication is not supported on an Analyst UI Deployment.

Single Sign-On authentication enables the user to log in to NetWitness Platform or any other application if the user is authenticated by the same Identity Provider (IDP). Active Directory Federation Services (ADFS) is the only supported IDP, and the protocol used for SSO is SAML 2.0.

NetWitness Platform Single Sign-On Authentication Workflow

The following workflow shows how the user can access NetWitness Platform using Single Sign-On authentication.
[Figure: NetWitness Platform SSO authentication workflow]

The workflow of SSO authentication shows the following:

  1. The user tries to access the NetWitness Platform UI using a web browser. For example, https://nw-host/login.
  2. The user is prompted to log in on the IDP (ADFS) login page.
  3. The user enters the credentials for authentication.
  4. If the authentication is successful, NetWitness Platform authorizes the user based on the user groups configured on the Active Directory Server and External Role Mapping in NetWitness.
  5. If the authorization is successful, the user is logged in to the NetWitness Platform.

Note: If the single sign-on authentication fails, the user cannot access the NetWitness Platform. For more information, see Troubleshooting.
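
The authorization decision in steps 4 and 5 can be sketched as follows. This is an added example, not NetWitness code: the group names, the role mapping and the sample user are constructed, and it assumes the SAML library has already verified the response's signature, issuer, audience and validity window.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
GROUP_CLAIM = "http://schemas.xmlsoap.org/claims/Group"  # ADFS group claim type

# Hypothetical external role mapping: AD group -> application role.
ROLE_MAPPING = {"SOC-Analysts": "Analysts", "SOC-Admins": "Administrators"}

def build_response(status, groups):
    """Build a constructed, unsigned SAML 2.0 response for the example."""
    values = "".join(f"<saml:AttributeValue>{g}</saml:AttributeValue>" for g in groups)
    return (
        f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}">'
        f'<samlp:Status><samlp:StatusCode Value="{status}"/></samlp:Status>'
        f'<saml:Assertion><saml:Subject>'
        f'<saml:NameID>jdoe@example.test</saml:NameID></saml:Subject>'
        f'<saml:AttributeStatement><saml:Attribute Name="{GROUP_CLAIM}">'
        f'{values}</saml:Attribute></saml:AttributeStatement>'
        f'</saml:Assertion></samlp:Response>'
    )

def authorize(response_xml, role_mapping=ROLE_MAPPING):
    """Return (user, roles). An empty role set means access is refused."""
    # Assumption: signature and conditions were validated before this point.
    root = ET.fromstring(response_xml)
    code = root.find("samlp:Status/samlp:StatusCode", NS)
    # Authentication at the IDP must have succeeded before authorization runs.
    if code is None or code.get("Value") != SUCCESS:
        return None, set()
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return None, set()
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    user = name_id.text if name_id is not None else None
    # Collect every value of the group claim carried in the assertion.
    groups = {v.text
              for a in assertion.findall("saml:AttributeStatement/saml:Attribute", NS)
              if a.get("Name") == GROUP_CLAIM
              for v in a.findall("saml:AttributeValue", NS) if v.text}
    # Only groups present in the role mapping grant a role; all others are ignored.
    roles = {role_mapping[g] for g in groups if g in role_mapping}
    # Fail closed: no subject or no mapped group means no access.
    if user is None or not roles:
        return user, set()
    return user, roles
```

A user who authenticates at the IDP but belongs to no mapped group receives an empty role set, which matches the note above: the login is refused rather than granted with default permissions.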