Configure the federated security
See Federated security.
-
On the Home page, click
.
The Federated Security page appears.
-
Federated Security is
Off by default. You can
only turn the federated security on when an active authentication provider is
configured (see step 14).
Web.config file. See the TotalAgility Installation Guide for more information.When Federated Security is on, turn off Windows Authentication. To do so, modify the
- Enter a display Name for the authentication provider.
- On the Endpoint Type list, select the endpoint type to specify whether the endpoint supports WS-Federation or SAML.
- Specify the URL for the WS-Federation or SAML endpoint of the provider in the Endpoint URL box.
-
Optionally, specify the relying party URL in the
Relying Party box.
-
If you provide the relying party identifier and APP ID URI in the Federated Security Provider as https://<servername>/TotalAgility/, you need not specify the relying party URL when configuring the federated security in TotalAgility. If you provide a different relying party identifier in the Federated Security Provider, ensure that the identifier provided in the Federated Security Provider must match with the relying party URL specified in TotalAgility.
- On upgrading to TotalAgility 7.5.0, the relying party identifier and APP ID URI specified in the Federated Security Provider that is being used with TotalAgility will be https://<servername>/TotalAgility/.
-
- Specify the issuer identity of the provider in the Issuer box. At runtime, this identity helps to verify that any claims passed to TotalAgility are from the correct provider.
-
Specify the
Sign Out URL.
When you log off the provider, the specified URL opens.
-
Select either setting to specify the
Logout option:
-
TotalAgility and Provider: Logs you out of the provider as well as TotalAgility.
-
TotalAgility: Logs you out of TotalAgility.
-
-
Enter the text in the
Certificate box.
At runtime, the certificate is used to verify that any claims passed to TotalAgility are from the correct provider.
- Click Yes for Active to specify that the provider is active (Default: No).
-
Determine how an existing user is found in
TotalAgility
when you log on using the authentication provider.
-
Click
Configure for
User Claim Mappings.
User claim mappings apply if the user does not exist in TotalAgility.
-
In the User Claims Mapping page, match the user to either
Username or Email Address:
- If you match to
Username, specify the following:
-
Username is taken From Security Token (Default).
-
For Name and Email Address, click Enter on Login to enter the name manually at runtime or click From Security Token to take the name from a security token.
-
- If you match to
Email, specify the following:
-
For Username and Name, click Enter on Login to enter the name manually at runtime or click From Security Token to take the name from a security token.
-
Email Address is taken From Security Token (Default).
-
- If you match to
Username, specify the following:
- Click Close.
-
Click
Configure for
User Claim Mappings.
-
To define a set of rules to indicate the
TotalAgility
Category, and groups a new user is added to after being successfully
authenticated with the provider, click
Configure for
User Claim Rules and
configure the Default User Claim and a set of rules.
- Consume a Category and Working Category.
- Optionally, consume a Working Group.
-
To define rule, click
Yes for
Custom User Rules and
do the following:
-
Enter a rule Name for the claim.
-
Specify the Claim Type and Claim Value.
-
To specify the Category the user is added to if the custom rule is satisfied, consume a Category.
-
To specify the Working Category the user is added to if the custom rule is satisfied, consume a Category.
-
To specify the Working Group the user is added to if the custom rule is satisfied, consume a Group.
Specify at least one of the preceding optional settings for a custom user rule. -
Optionally consume the resource Groups the user is added to if the custom rule is satisfied.
-
Click Add .
The Custom User Rules take priority over Default User Claim rules.
-
- Click Close to close the User Claim Rules page.
- In the Authentication Providers page, click Add to add the Authentication Provider.
-
Click
On for
Federated Security.
Note the following:
- For TotalAgility on-premise, restart TotalAgility Application Pool for the Federated Security setting to take effect.
- For TotalAgility in an Azure environment, restart of Application Pool is not required.
- If Federated Security is in use on the Azure tenant and is connected to an integration server, the integration server will also make use of the same security settings. You must restart the TotalAgility Application pool on the Integration server for the new Azure Tenant configuration settings to take effect.
Additional information
Once the authentication provider is added and Federated Security is turned on, upon logging on to TotalAgility Designer, the user is redirected to configured authentication provider URL.
If multiple authentication providers are configured, the user can select one and the Authentication Provider Logon page opens.
Once the user is authenticated by the provider, he or she gets logged on to TotalAgility:
-
If the user exists in TotalAgility and matches a TotalAgility user using the claims mappings, he or she gets logged on to TotalAgility.
-
If the user does not exist in TotalAgility, he or she is added based on the user claim rules and then gets logged on to TotalAgility.
Launch the TotalAgility Designer in recovery mode
If the Federated Security was configured incorrectly, you can launch the TotalAgility Designer in Recovery Mode to modify the Federated Security configuration.
- Use the following URL: http://localhost/TotalAgility/Designer/Default.htm?sessionId=589CE226A8B4F38FEFDB351B7597DF7E.
-
Enter a valid user name and password.