Authentication is the process of verifying the identity claimed by a system entity. Often that entity is a user, but in some situations the entity is a service. TrueSight Network Automation supports the following authentication mechanisms:
- Active Directory
- SAML 2.0
This topic provides the tasks that you need to perform to support the SAML 2.0 mechanism. Details needed for the other authentication mechanisms are described on the Application server installation worksheets page.
Supporting SSO mechanism
Starting with version 8.9.04, TrueSight Network Automation supports single sign-on (SSO). For the GUI-based interface, TrueSight Network Automation uses the SAML 2.0 protocol. For the non-GUI based interfaces, such as SSH Proxy and REST services, it uses the OAuth 2.0 protocol. TrueSight Network Automation supports SSO with CA Single Sign-On and Okta as Identity Providers (IdP).
Before you begin
Ensure that the time on the Identity Provider (IdP) server and the time on the TrueSight Network Automation application server are in sync.
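The following check is an added example, not part of the BMC documentation or product code. It shows why the two clocks must agree: it measures skew from the Date header of an IdP HTTPS response and applies the NotBefore/NotOnOrAfter window of a SAML 2.0 assertion to the application server's clock. The sample assertion, the timestamps, and the function names are constructed for illustration.

```python
# Added example (not BMC code): effect of IdP / application-server clock drift
# on SAML 2.0 assertion acceptance. All sample values below are constructed.
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed assertion fragment: valid for five minutes from issue time.
SAMPLE_ASSERTION = (
    '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
    'ID="_constructed" Version="2.0" IssueInstant="2024-05-01T12:00:00Z">'
    '<saml:Conditions NotBefore="2024-05-01T12:00:00Z" '
    'NotOnOrAfter="2024-05-01T12:05:00Z"/>'
    '</saml:Assertion>'
)

def skew_seconds(idp_date_header, local_now):
    """Seconds the local clock is ahead (+) or behind (-) of the IdP clock,
    taken from the Date header of any HTTPS response sent by the IdP."""
    return (local_now - parsedate_to_datetime(idp_date_header)).total_seconds()

def _ts(value):
    # SAML timestamps are UTC xs:dateTime values such as 2024-05-01T12:00:00Z.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def assertion_time_valid(assertion_xml, local_now, tolerance=timedelta(0)):
    """Timing check only: NotBefore <= now < NotOnOrAfter, widened by tolerance.
    A real service provider verifies the assertion signature before this."""
    cond = ET.fromstring(assertion_xml).find("saml:Conditions", SAML_NS)
    if cond is None:
        raise ValueError("assertion has no Conditions element")
    not_before = _ts(cond.get("NotBefore"))
    not_on_or_after = _ts(cond.get("NotOnOrAfter"))
    return not_before - tolerance <= local_now < not_on_or_after + tolerance

if __name__ == "__main__":
    idp_date = "Wed, 01 May 2024 12:00:00 GMT"  # constructed IdP Date header
    for label, minutes in (("in sync", 0), ("3 min behind", -3), ("6 min ahead", 6)):
        now = datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc) + timedelta(minutes=minutes)
        print(label, skew_seconds(idp_date, now),
              assertion_time_valid(SAMPLE_ASSERTION, now))
```

An application server that runs behind the IdP sees the assertion as not yet valid, and one that runs ahead sees it as expired, so logins fail in both directions until the clocks are corrected.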
Supporting SSO for GUI-based interface
To enable SSO on the GUI-based interface, perform the following tasks:
- Before installing TrueSight Network Automation, register the TrueSight Network Automation application on the IdP server with SAML authentication. While registering, you need to provide the TrueSight Network Automation URL in the following format: https://hostName:portNumber/bca-networks/main/displayMain.do.
  hostName indicates the name of the computer where you want to install TrueSight Network Automation. portNumber indicates the port number for HTTPS communication.
- Choose SAML 2.0 as the authentication mechanism on the Authentication Source panel while installing TrueSight Network Automation.
- (Optional) To enable SSO users other than the Administrator account that you used to install TrueSight Network Automation for SAML 2.0 authentication, log on to the TrueSight Network Automation GUI and select the Automatically Add New Users As parameter on the System parameters page.
Supporting SSO for non-GUI based interfaces
To enable SSO on non-GUI based interfaces, perform the following tasks: