BloxOne DDI
Page tree

Contents

Expand all   Collapse all

Before configuring IdP settings, you first configure 3rd party IdP authentication by associating an IdP protocol with a domain. The SSO Portal supports using a single IdP configuration on multiple domains. You can use the same IdP configuration to authenticate users from multiple domains, as long as the domains match the federated configuration. To configure multiple-domain authentication, you first add a primary domain and prove mastery of it, and then add other domains and link them to the primary domain and its IdP configuration. For information about adding domains, see Configuring Domains.


Note

To link multiple domains to the primary domain, ensure that you complete the following:

  • Complete the IdP configuration for the primary domain and keep it active.
  • Prove mastery of all domains you want to link to the primary domain.


Single-domain IdP Authentication

To configure IdP authentication for a single domain, complete the following:

  1. Log in to the Infoblox SSO Portal at https://sso.infoblox.com/.
  2. On the 3rd Party IDP page, click Select Domain on the right upper navigation bar.
  3. From the Select Domain drop-down menu, select a domain on which you want to configure 3rd party IdP.

  4. Once the domain is selected, you must select the protocol you want to utilize in establishing the connectivity between your IdP and SSO Portal.   

    From the Select IDP Protocol menu, select one of the following:

    1. SAML 2.0 for Okta and ForgeRock

    2. Azure SAML for Azure AD (Active Directory)

  5. The SSO Portal displays the selected domain and protocol, as shown below:

  6. After you have selected a domain and a protocol, you can complete the following 3rd party IdP settings:

Multiple-domain IdP Authentication

Before you configure multiple-domain IdP authentication, consider the following:

  • The primary domain configuration, including group mappings, applies to all linked domains. The configuration for linked domains is a read-only copy of the primary domain configuration. To edit the IdP configuration, you must select the primary domain from the Select IDP Protocol drop-down menu. 
  • Deactivating or resetting the primary domain will unlink all domains, resulting in the need to re-link them after reactivation.

To configure IdP authentication for multiple domains, complete the following:

  1. Log in to the Infoblox SSO Portal at https://sso.infoblox.com/.
  2. On the 3rd Party IDP page, click Select Domain on the right upper navigation bar.
  3. From the Select Domain drop-down menu, select the domain you want to link to the primary domain.

  4. From the Select IDP Protocol menu, select Link to <primary domain> <IdP Protocol>, where primary domain is the domain name of the primary domain and IdP protocol is the federated IdP configuration of the primary domain.
    In the following example, you would select Link to Test.com SAML 2.0 from the drop-down menu to link Example.domain.com to Test.com using the SAML 2.0 IdP configuration.

  5. In the warning dialog, click Confirm to confirm that you want to link the domain to the primary domain.
  6. To the right of the domain name, the Cloud Services Portal displays the federation status and the primary domain to which this domain is linked, as follows:

  7. Repeat the above steps if you want to link multiple domains to the primary domain. Note that all linked domains share the same IdP configuration of the primary domain. 

Unlinking a Domain from Multiple-Domain IdP

To unlink a domain from the primary domain, complete the following:

  1. Log in to the Infoblox SSO Portal at https://sso.infoblox.com/.
  2. On the 3rd Party IDP page, click Select IDP Protocol on the right upper navigation bar.
  3. From the Activate drop-down menu, select Unlink from <primary domain>, as shown in the following:


  • No labels

This page has no comments.

© 2021 Infoblox. All rights reserved.        Feedback        Terms & Conditions        Legal        Privacy Policy