Authentication


Authentication is the process of verifying the identity claimed by a system entity. Often that entity is a user, but in some situations the entity is a service. TrueSight Network Automation supports the following authentication mechanisms:

  • Local
  • Active Directory
  • LDAP
  • RADIUS
  • TACACS/TACACS+
  • SAML 2.0

Details needed for these authentication mechanisms are described on the Installing the application server on Windows and Installing the application server on Linux pages.

This topic provides the tasks that you need to perform to support the SAML 2.0 mechanism.

To enable the SSO mechanism

Starting with version 20.02.01, TrueSight Network Automation supports SSO, which is implemented using Security Assertion Markup Language (SAML) 2.0 for the UI. For the REST API and SSH Proxy, you can use either local authentication or OAuth 2.0.

Network Automation has been tested with Okta as the Identity Provider (IdP) for SSO.

Before you begin

Ensure that the time on the Identity Provider (IdP) server and the TrueSight Network Automation application server is in sync.

To enable SSO for UI

To enable SSO for the UI-based interface, perform the following tasks:

  1. Before installing TrueSight Network Automation, register the TrueSight Network Automation application on the IdP server with SAML authentication. Provide the following parameters when registering:

    Important

    • The TrueSight Network Automation URL in Audience URI (SP Entity ID) or the Single Sign On URL in the following format: 
      https://hostName:portNumber/bca-networks/api/saml
      hostName indicates the name of the computer where you want to install TrueSight Network Automation.
      portNumber indicates the port number for HTTPS communication.
    • HTTP Binding as POST
    • NameIDFormat as Transient
  2. Choose SAML 2.0 as the authentication mechanism on the Authentication Source panel while installing TrueSight Network Automation. 
  3. (Optional) To enable other SSO users (except the Administrator with which you have installed TrueSight Network Automation) for SAML 2.0 authentication, log on to TrueSight Network Automation UI and select the Automatically Add New Users As parameter on the System parameters page.
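The time-sync prerequisite and the registration parameters in step 1 can be checked against a decoded SAML assertion captured during a test login. The following is an added example, not BMC code: the host name, port, sample assertion, and the `check_assertion` helper are assumptions made for illustration.

```python
# Added diagnostic, not product code. It does NOT verify the XML signature,
# so never use it to decide whether to trust an assertion.
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
TRANSIENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"

def _ts(value):
    # SAML timestamps are UTC xs:dateTime values such as 2024-01-01T12:00:00Z
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def check_assertion(xml_text, expected_audience, now, skew=timedelta(0)):
    """Return a list of problems found in a decoded SAML assertion."""
    root = ET.fromstring(xml_text)
    cond = root.find(".//saml:Conditions", NS)
    if cond is None:
        return ["no Conditions element"]
    problems = []
    not_before, not_after = cond.get("NotBefore"), cond.get("NotOnOrAfter")
    if not_before and now + skew < _ts(not_before):
        problems.append("not yet valid: this clock is behind the IdP")
    if not_after and now - skew >= _ts(not_after):
        problems.append("expired: this clock is ahead of the IdP, or the capture is old")
    audiences = [a.text.strip() for a in cond.iterfind(".//saml:Audience", NS) if a.text]
    if expected_audience not in audiences:
        problems.append("audience mismatch: IdP sent %r" % audiences)
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None or name_id.get("Format") != TRANSIENT:
        problems.append("NameID Format is not transient")
    return problems

# Constructed sample: host name, port and NameID value are placeholders.
SP_URL = "https://tsna.example.com:8443/bca-networks/api/saml"
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
 <saml:Subject>
  <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">_a1b2c3</saml:NameID>
 </saml:Subject>
 <saml:Conditions NotBefore="2024-01-01T12:00:00Z" NotOnOrAfter="2024-01-01T12:05:00Z">
  <saml:AudienceRestriction>
   <saml:Audience>https://tsna.example.com:8443/bca-networks/api/saml</saml:Audience>
  </saml:AudienceRestriction>
 </saml:Conditions>
</saml:Assertion>"""

if __name__ == "__main__":
    on_time = datetime(2024, 1, 1, 12, 1, tzinfo=timezone.utc)
    print(check_assertion(SAMPLE, SP_URL, on_time))                          # in sync
    print(check_assertion(SAMPLE, SP_URL, on_time + timedelta(minutes=10)))  # clock fast
```

Pass the application server's current UTC time as `now`; an empty list means the validity window, audience, and NameID format all match what the registration in step 1 requires.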

To enable SSO for REST API and SSH Proxy CLI

To enable SSO for REST API and SSH Proxy, perform the following tasks:

  1. Choose SAML 2.0 as the authentication mechanism on the Authentication Source panel while installing TrueSight Network Automation.
  2. Register TrueSight Network Automation on the IdP server as an OAuth application.
  3. Configure the Enable OAuth Integration parameter on the System parameters page.

    Important

    If you do not enable this parameter, local authentication is used for REST API and SSH Proxy login. To use local authentication, you need to create users.

 
