Automic Workload Automation

Expand all | Collapse all

Single Signon w/ SAML

Jump to Best Answer
  • 1.  Single Signon w/ SAML

    Posted 20 days ago
    Hi.  Is there anyone out there who has configured single signon with SAML (vs. Kerebos?)  I'm reading anything I can find on single signon, but it mainly seems to be Kerebos.  From what I can tell this is only recently supported with 12.3.  I'm also trying to figure out how OKTA fits into this.  This is what my company wants to start using.

    TIA.
    Laura Albrecht

    ------------------------------
    Enterprise Scheduling Lead
    Takeda
    ------------------------------


  • 2.  RE: Single Signon w/ SAML

    Posted 20 days ago
    We are using SAML sso on AWA 12.3.1 here at Oregon State University.  We have our own SAML server on premises, however.

    Were you intending on using OKTA, or just wondering why that is called out in the documentation?


  • 3.  RE: Single Signon w/ SAML

    Posted 18 days ago
    Yes, that's what it sounds like - they plan to use OKTA as the Identity Provider.

    ------------------------------
    Enterprise Scheduling Lead
    Takeda
    ------------------------------



  • 4.  RE: Single Signon w/ SAML

    Posted 19 days ago
    We are using SAML on 12.3 here at the University of Hawaii. Set up was very easy. Basically set up a few objects and we were done. We have our own Identity Provider. My guess is that OKTA would be your Identity Provider.


  • 5.  RE: Single Signon w/ SAML

    Posted 18 days ago
    As far as setup goes, from what I've read it seems like it's just a matter of:

    - Update UC_SYSTEM_SETTINGS so SAML = Y.
    - That will generate / populate a variable called UC_SAML_SETTINGS.
    - Update the Entity ID (not sure what this is - is this what I get from OKTA?) and the destination URL of the Automic AWI in the various keyword entries in UC_SAML_SETTINGS.
    - Update configuration.properties in the AWI to set sso.saml.enabled to true

    That's really it?  I hate to be looking for more complexity where there is none, but this seems too simple.  :-)

    ------------------------------
    Enterprise Scheduling Lead
    Takeda
    ------------------------------



  • 6.  RE: Single Signon w/ SAML
    Best Answer

    Posted 18 days ago
    Hi Laura,
    - Update the Entity ID (not sure what this is - is this what I get from OKTA?) and the destination URL of the Automic AWI in the various keyword entries in UC_SAML_SETTINGS.

    Client 0 - UC_SAML_SETTINGS

    in the key *SP change the value for

    entityID - this can be any string, but default seems to be "AWIHOSTNMAE/SAML2"
    (e.g.: Location="https://<your_server>/SAML2"

    and

    Location - AWIURL e.g.: Location="https://<your_server>/awi"



    ------------------------------
    Thx & rgds
    Christian
    ------------------------------