• State Verified Answer
  • Locked Locked
  • Replies 8 replies
  • Subscribers 38 subscribers
  • Views 3035 views
  • Users 0 members are here
Options
Related
This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

Single Sign-on (SSO)

max348

I want to create a single sign-on where user will be prompted everytime he/she tries to access the orion web console.I have integrated few users with active directory and when they try to access the orion website it logs them in without asking for credentials, which is fine. In addition to it i want a pop up asking them to enter the windows credentials everytime they try to access the site and once the credential has been entered it will log them in to the web console automatically. I am also trying to enable SSL. can anyone help me how i can do it together.

  • 0

    The automatic logon to Orion is configurable via the Configuration Wizard. Select Website and then toggle this setting to either yes or no.

    2017-02-27 09_30_07-se-lhi-atol-ori (10.199.21.25) - Remote Desktop Connection Manager v2.7.png

    And the link that d09h​ provide can help you setup SSL in Orion but there are some prerequisites that have to be done before. You have to generate a self-signed certificate and associate it with IIS.

    How to Create a Self Signed Certificate in IIS 7 

  • 0

    Sounds like you DON'T want SSO. If a computer is domain joined, and a person browses to Orion via IE, it uses NTLM so IE automatically signs in, hence SSO.  If you don't want a user to automatically sign in using IE, then use Firefox, and the user has to login  manually.

    Of course the user will need to have their Domain credentials added to Orion in order to login, so another method is to not use AD to login and create individual accounts on Orion, then they have to login manually, but if they also choose to save password, they are back to automatically logging in when they browse to the site.

    The way I have it setup for us is that if I want someone to have access I add their AD creds to Orion and have them browse to Orion using IE, that way the login automatically, so they only need to sign on via the computer domain login with Ctrl-Alt-Delete when  they start their day.

  • 0

    I want something like this. But i guess if i enable this pop up it will not log in automatically and have to re-enter credentials for the orion web page. how can i get this pop up to be enabled for all the users trying to access orion web page. is there something to do with active directory or ADFS?? i was asked by my system admin to enable this and i am not sure how to do it.

    sso.PNG

    Also can you guys tell me what is the below screenshot for??

    ldap.PNG

  • 0 in reply to max348

    So there are really only two options that I'm aware of, and neither really fit the description you've provided. Either option is going to be using Windows accounts or groups that have been set up in Settings > All Settings > Manage Accounts.

    1. Use AD credentials without automatic login. This wouldn't show a popup at all. This would use the standard logon page where users could type 'domain/username' with their password to gain access. Logon would be required every time.
    2. Use AD credentials with automatic login. This is a setting enabled through the Configuration Wizard as mentioned earlier. It's functionality may or may not work depending on the type of browser that is being used. If it doesn't automatically log a user in then it'll revert to option 1.

    The LDAP screenshot you post is specifically for non-Windows AD based LDAP deployments. If you're using either option above you'll want to make sure this LDAP option is turned off.

  • 0 in reply to chad.every

    Users are using AD credentials to login and they can log in automatically everytime they access the orion web page. But my system team is asking to enable SSO authentication as per their new security policies. So there is no way to enable sso authentication on solarwinds??. I have been checking for this and i found that we can enable SSO authentication with WHD (Web Help Desk ) which uses SAML and ADFS. I do not have WHD. I am running SAM, NPM, WPM  and other modules. can i achieve this without using WHD??

    Sorry if i am asking too many things.. i am not a windows guy and don't understand these things easily. I checked with system team and they said we can have SSO authentication either through SAML, ADFS or direct through AD. So if i go with direct AD or ADFS or SAML do i have to do anything on solarwinds??

  • 0 in reply to max348

    Yeah, the term SSO is a little misleading. Orion (SAM, NPM, WPM) does not support SAML or ADFS. The only thing it supports is AD logon based on what AD domain the Orion server is joined too. You can go to Settings > All Settings > Manage Accounts and click Add and select Windows Account or Windows Group. That's the best it can do.

SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 195,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.

SolarWinds Customer Success Center Certification Media Vault Link Accounts
About THWACK Blogs For Government Edit Settings Free Tools & Trials
Legal Documents Terms of Use Privacy California Privacy Rights Security Information
©2024 SolarWinds Worldwide, LLC. All Rights Reserved.