Enabling SAML mechanism


TrueSight Network Automation supports Single Sign-On (SSO), which is implemented using Security Assertion Markup Language (SAML) 2.0 for the GUI. You can use either local authentication or OAuth 2.0 for REST API and SSH Proxy.

TrueSight Network Automation has been tested with Okta as the Identity Provider (IdP) for SSO.

Before you begin

Ensure that the time on the Identity Provider (IdP) server and the TrueSight Network Automation application server is in sync.

Enabling SSO for GUI

To enable SSO for the GUI-based interface, perform the following tasks:

  1. Before installing TrueSight Network Automation, register the TrueSight Network Automation application on the IdP server with SAML authentication. Provide the following parameters when registering:

    Important

    • The TrueSight Network Automation URL in Audience URI (SP Entity ID) or the Single Sign On URL in the following format: 
      https://hostName:portNumber/bca-networks/api/saml
      hostName indicates the name of the computer where you want to install TrueSight Network Automation.
      portNumber indicates the port number for HTTPS communication.
    • HTTP Binding as POST
    • NameIDFormat as Transient
  2. Choose SAML 2.0 as the authentication mechanism on the Authentication Source panel while installing TrueSight Network Automation. 
  3. (Optional) To enable SAML 2.0 authentication for SSO users other than the Administrator account that you used to install TrueSight Network Automation, log on to the TrueSight Network Automation GUI and select the Automatically Add New Users As parameter on the System parameters page.

Enabling SSO for REST API and SSH Proxy CLI

To enable SSO for REST API and SSH Proxy, perform the following tasks:

  1. Select SAML 2.0 as the authentication mechanism on the Authentication Source panel while installing TrueSight Network Automation.
  2. Register TrueSight Network Automation on the IdP server as an OAuth application.
  3. Configure the Enable OAuth Integration parameter on the System parameters page.

    Important

    If you do not enable this parameter, local authentication is used for REST API and SSH Proxy login. To use local authentication, you need to create users.

 


TrueSight Network Automation 23.4