Applies to NAM 2018+
Authentication > SSO and federation
For more about SSO, see Single sign-on (SSO) in NAM.
Use the HTTPS and HTTP switches to:
- Set the URL and type of connection (HTTPS or HTTP) that NAM will use for communication with the external IdP.
- Enable or disable SSO via an external IdP.
If you need to switch off SSO through an external IdP, this is where to do it.
Recommended. HTTPS is the more secure method. To use HTTPS to communicate with an IdP, enter the URL and set the HTTPS switch to On.
Not recommended. HTTP is the less secure method. To use HTTP to communicate with an IdP, enter the URL and set the HTTP switch to On.
External Identity Provider
The External Identity Provider section has two edit boxes:
XML metadata of Service Provider
This metadata describes your NAM deployment in SAML 2.0 format. During configuration, you need to take a copy of it from here (Copy to clipboard or Download metadata as a file) and deliver it to your IdP.
XML metadata of Identity Provider
This metadata describes your IdP in SAML 2.0 format. During configuration, you will need to take a copy of the data from your IdP and paste it here or Upload file.
User attribute mappings
Settings for mapping user attributes:
- Email address
- Last name
- First name
Group association required for SSO user auto-import
When this is turned on, an SSO user is automatically imported during a login attempt only if that user belongs to an existing group. If the user does not belong to an existing group, login is denied and the user is not automatically imported.
User group attribute mappings
Settings for mapping user group attributes:
- User group name
- User group name regex
Disabling an external IdP
If you are using an external IdP and it goes down, or if you have other problems with SSO, you may want to temporarily access NAM using the default internal SSO.
To switch back to internal SSO:
- Get the address of your NAM Console machine.
- On your browser address line, open the following:
<console address>:<port>is the IP address and port of the console machine.
If you want to continue using internal SSO, you can turn off your external IdP configuration:
- Open Authentication > SSO and federation.
- Set the Active switch to Off.