SAML 2.0 Configuration

Device42 integrates with SAML 2.0 in conjunction with AD or LDAP user synchronizations to provide Single Sign On (SSO) support in Device42. Once users are added to Device42 via Active Directory or LDAP, they will automatically be logged into Device42 when they load the site.

Note: Because authorization is handled by Device42, a user must already exist in Device42 before single sign-on will work for that user.

SAML configuration varies between providers, but we’ll provide the steps for configuration with Microsoft ADFS, Okta and OneLogin below as examples. Device42 SSO should also work with any SAML 2.0 compatible Identity Provider, and has been confirmed working with IDaaS providers Centrify and PingIdentity’s PingOne and PingFederate as well.

Should you need further assistance, please contact Support.

Microsoft ADFS Configuration

Add new relying party trust

Next screen: Add data manually

Next screen: Specify your app display name

Next screen: Choose AD FS profile

Next screen: Choose SAML 2.0 SSO and set the proper D42 ACS URL, i.e. https://yourdevice42address/saml2_auth/acs/

Next screen: Set identifiers access

Next screen: Permit all users

Next screen: In the claims section (click “edit claims” on the relying party; you are taken to this section automatically after initial setup), add the following claims

username claim

nameid claim

Copy the metadata URL from the endpoints

Note: If you receive a time synchronization error, run this command in PowerShell, with the relying party trust's identifier as the -TargetIdentifier value:
Set-ADFSRelyingPartyTrust -TargetIdentifier "" -NotBeforeSkew 5

Okta Configuration

In Okta, click the “Admin” button:

Click the “Applications” button

On the “Applications” page, find the “Add application” button and click it.

Choose “Create new app”

Select platform as Web and sign on method as SAML 2.0.

Set application preferences and click next

On the next page, set up the ACS URL and field mapping. The Single Sign On URL and Audience URI should both be https://yourdevice42address/saml2_auth/acs/. The Attribute value should be the same AD or LDAP attribute that your users will log into Device42 with. Note the “Name” given to it, as this will be needed in the Device42 Appliance Manager configuration.

Click “Next” and finish setup.
Open your application settings, go to the “Sign On” tab and copy the URL from the “Identity provider metadata” link. This will be used as the “Metadata URL” in Device42’s Appliance Manager.

OneLogin Configuration

Create and log in to your OneLogin account.
Create an app connector in OneLogin.
Go to Apps > Add Apps.

Search for SAML Test Connector.
Select the SAML Test Connector (IdP w/ attr) app.

Save.
Open the new application and go to the “Configuration” tab. Set the Audience, Recipient and ACS URL values to https://yourdevice42address/saml2_auth/acs/

Click the “SSO” tab and copy the “Issuer URL”. This will be entered in the “Metadata URL” field in Device42.

Click “Save”

Device42 Appliance Manager Configuration

Log in to Device42 Appliance Manager at https://yourdevice42address:4343, go to the SAML 2.0 settings on the left, and set the Metadata URL you obtained above. Set the “username” field to match the value you saved in the SAML configuration.

After this has been saved, SAML integration should be complete!
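
For troubleshooting a login that fails after setup, the following added example (not Device42's own code or documentation) checks a decoded SAML assertion against the values configured above: the ACS URL as Audience and Recipient, the username attribute name, the NameID, and the validity window behind the time synchronization error. The sample assertion, the function names and the attribute name "username" are assumptions; the script checks configuration fields only and does not verify signatures.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
ACS_URL = "https://yourdevice42address/saml2_auth/acs/"  # placeholder used on this page

# Constructed sample assertion (unsigned, illustration only; "username" is an assumed name).
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject><saml:NameID>jdoe</saml:NameID>
    <saml:SubjectConfirmation><saml:SubjectConfirmationData
      Recipient="https://yourdevice42address/saml2_auth/acs/"/></saml:SubjectConfirmation>
  </saml:Subject>
  <saml:Conditions NotBefore="2024-01-01T12:00:00Z" NotOnOrAfter="2024-01-01T12:05:00Z">
    <saml:AudienceRestriction><saml:Audience>https://yourdevice42address/saml2_auth/acs/</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement><saml:Attribute Name="username">
    <saml:AttributeValue>jdoe</saml:AttributeValue></saml:Attribute></saml:AttributeStatement>
</saml:Assertion>"""

def _ts(value):
    # SAML timestamps are UTC with a trailing "Z", optionally with fractional seconds.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def check_assertion(xml_text, acs_url, username_attr, now, skew_minutes=0):
    """Return a list of configuration problems found in a decoded assertion."""
    root = ET.fromstring(xml_text)  # parse only assertions captured from your own IdP
    problems = []
    audiences = [(a.text or "").strip() for a in root.iterfind(".//saml:Audience", NS)]
    if acs_url not in audiences:
        problems.append(f"audience mismatch: {audiences}")
    recipients = [d.get("Recipient") for d in root.iterfind(".//saml:SubjectConfirmationData", NS)]
    if acs_url not in recipients:
        problems.append(f"recipient mismatch: {recipients}")
    names = [a.get("Name") for a in root.iterfind(".//saml:Attribute", NS)]
    if username_attr not in names:
        problems.append(f"attribute {username_attr!r} missing; got {names}")
    if not root.findtext(".//saml:NameID", default="", namespaces=NS).strip():
        problems.append("NameID missing")
    cond = root.find(".//saml:Conditions", NS)
    if cond is None or not cond.get("NotBefore") or not cond.get("NotOnOrAfter"):
        problems.append("validity window missing")
    else:
        skew = timedelta(minutes=skew_minutes)  # tolerance for clock drift between hosts
        if now + skew < _ts(cond.get("NotBefore")):
            problems.append("not yet valid (clock skew?)")
        if now - skew >= _ts(cond.get("NotOnOrAfter")):
            problems.append("expired")
    return problems
```

An empty list means the assertion's fields match the configuration; a "not yet valid" result points at the clock difference between the identity provider and the Device42 appliance.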