Configure Vantage for SSO

Before you can use single sign-on authentication in Vantage, you must configure Vantage.

Before you do this procedure, make sure that you have:
  1. Log in to Vantage as an administrator.
  2. In the top navigation bar, select the Administration icon (the gear cog).
    The administration page opens.
  3. In the System section, select SAML SSO.
    The SAML Single Sign On page opens.
  4. Select the Enable SAML Single Sign on checkbox.
  5. To the right of the Metadata XML field, select Choose File.
  6. Locate and select the metadata file that you downloaded from your IdP.
    Note: This file gives Vantage the necessary parameters to configure SAML for your IdP.
  7. In the Entity ID field, enter the identifier (ID) assigned to the Vantage application in the IdP.
    Note: The form of this ID determines how authentication is processed. For example, if the value you enter specifies hypertext transfer protocol secure (HTTPS), Vantage uses the HTTPS protocol when it processes login requests.
  8. In the Role attribute field, enter a string that will be used to map role names in your IdP to groups in Vantage.
    Note: The value in this field is used to compare groups defined in Vantage with those defined in your IdP. The nature of this value depends on your IdP. For example, if you use Microsoft Office 365 as your IdP, the value might be: http://schemas.microsoft.com/ws/2008/identity/claims/role
  9. Select Save.
  10. Test the integration.
    1. On the Vantage login page, enter a SAML user name.
    2. Select Next.
    3. Select Single Sign On.
    Note: Nozomi Networks products do not support the logout SAML protocol.
    Note: Before authentication can succeed, Vantage groups that match your IdP's roles must exist. To map groups to roles, you can use the role's SAML ID or SAML name, as defined in your IdP. When you create a group in Vantage, you enter the SAML ID or SAML name of the related IdP role. If a Vantage group isn't mapped to an IdP role, authentication fails for users assigned that role.
    Note: When a user logs in to Vantage and authenticates, and the Vantage group doesn't include that user, Vantage adds the user to the group automatically.
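
The following added example (not Nozomi Networks code) shows one way to check, before testing the integration, whether the roles your IdP sends under the Role attribute have matching Vantage groups. It assumes you have a decoded SAML assertion from a test login and a manually collected list of the SAML IDs or names entered on your Vantage groups, and that matching is an exact string comparison; the sample assertion, group names and function names are constructed for illustration. It does not verify the assertion signature.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Value entered in the Vantage "Role attribute" field (Office 365 example from the page).
ROLE_ATTRIBUTE = "http://schemas.microsoft.com/ws/2008/identity/claims/role"

# Constructed sample assertion fragment (not captured from a real IdP).
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="http://schemas.microsoft.com/ws/2008/identity/claims/role">
      <saml:AttributeValue>ot-analysts</saml:AttributeValue>
      <saml:AttributeValue>ot-admins</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
      <saml:AttributeValue>user@example.com</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

# Constructed list of the SAML IDs/names entered on existing Vantage groups.
VANTAGE_GROUP_SAML_NAMES = {"ot-analysts", "soc-readonly"}

def roles_in_assertion(assertion_xml, role_attribute=ROLE_ATTRIBUTE):
    """Return the values the IdP sent under the configured role attribute."""
    root = ET.fromstring(assertion_xml)  # parse only assertions from your own IdP
    roles = []
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", SAML_NS):
        if attr.get("Name") != role_attribute:
            continue  # other claims (e-mail, name) are not used for group mapping
        for value in attr.iterfind("saml:AttributeValue", SAML_NS):
            text = (value.text or "").strip()
            if text:
                roles.append(text)
    return roles

def check_mapping(assertion_xml, group_names, role_attribute=ROLE_ATTRIBUTE):
    """Split the asserted roles into those with and without a Vantage group."""
    roles = roles_in_assertion(assertion_xml, role_attribute)
    return {
        "role_attribute_found": bool(roles),  # False: attribute name mismatch
        "mapped": sorted(r for r in roles if r in group_names),
        "unmapped": sorted(r for r in roles if r not in group_names),
    }

if __name__ == "__main__":
    print(check_mapping(SAMPLE_ASSERTION, VANTAGE_GROUP_SAML_NAMES))
```

A result with `role_attribute_found` set to false means the string in the Role attribute field does not match the attribute name your IdP emits; entries under `unmapped` are roles for which no Vantage group has been created yet.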