Enabling Helix SSO authentication

Starting with version 23.4, TrueSight Network Automation is compatible with Helix Single Sign-On (SSO) authentication mode.

To establish integration between TrueSight Network Automation and Helix SSO, you must set up the Helix SSO URL and user during the installation process. For more information, see Performing-the-installation.

After successful configuration, you can log in to TrueSight Network Automation by using the designated user credentials.


Related topics

Planning

Installing-the-application-server-on-Windows

Installing-the-application-server-on-Linux


To enable Helix SSO for UI

  1. During installation of TrueSight Network Automation, select Remedy Single Sign On as the authentication mechanism on the Authentication Source panel.
  2. (Optional) To enable Helix SSO user (except the Administrator with which you have installed TrueSight Network Automation) for Helix SSO authentication, log in to TrueSight Network Automation UI and select the Automatically Add New Users As parameter on the system parameters page.


Considerations

  • During installation, the Helix SSO Server URL must be in the following format:
    https://<rsso-server>.<rsso-cookie-domain>/rsso
  • Only users created within the "*" realm in Helix SSO work in this authentication mode because TrueSight Network Automation does not support multi-tenancy.
  • During the launch of TrueSight Network Automation. the server redirects to the Helix SSO login page for authentication. Enter the credentials of the user who was configured during installation.
  • To log in to TrueSight Network Automation with the new user created in Helix SSO, this new user must have the required permissions. To grant the required permissions, you must select Enable Automatically Adding New Externally Authenticated Users property in the system parameters. If this permission is not granted, the UI will throw the following error message:
    Login error. Please check logs for more information. Click here to login again.
    The network log also stores the error as follows:
    WARNING: Automatic user created disabled.When this error is displayed, you must delete this session from Helix SSO and reload the TrueSight Network Automation URL on the browser.
  • After you log in, if you use the Log Out feature to terminate the session, you will see the following message:
    You are now logged out. Click here to login again.
    To end the session, you must delete the session from the Helix SSO.
  • For the POST /token REST API endpoint, only local user of TrueSight Network Automation will work.
  • You must configure a local TrueSight Network Automation user to access the following services:
    • SSH terminal to start a session
    • Populating End of Life data Job
    • All external integrations like TrueSight Orchestration, Multi Server Administration, etc
    • Utilities like Import/Export Component using scripts, Template Push.


For more information about setting up the authentication method for the TrueSight Network Automation user, see Installing-the-application-server-on-Windows or Installing-the-application-server-on-Linux.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*