Configure your Identity Provider in the SolarWinds Platform Web Console
This topic applies to all SolarWinds Platform products.
Configuring the login to the SolarWinds Platform Web Console using SAML v2 protocol requires configuration both in the SolarWinds Platform Web Console and with your identity provider. This topic describes the settings in the SolarWinds Platform Web Console:
- Start the Add Identity Provider wizard
- Step 1: Enter Orion URL
- Step 2: Prepare IdP
- Step 3: Configure
For further instructions on the configuration, see Authenticate SolarWinds Platform users with SAML v2 for an overview and the section on your Identity Provider for details.
Start the Add Identity Provider wizard
- Log in to the SolarWinds Platform Web Console using an administrator account.
- Click Settings > All Settings.
- In the User Accounts section, click SAML Configuration.
- Click Add Identity Provider. This opens the Add Identity Provider wizard.
Add Identity Provider wizard - Step 1: Enter Orion URL (Enter SolarWinds Platform Web Console Addresses)
Okta and AD FS
In the Enter Orion URL step, check that the external URLs are correct and adjust them if necessary.
SolarWinds Platform Web Console External URL
This is the URL of your SolarWinds Platform server or its DNS alias.
Additional Web Console external URLs
If you have additional polling engines deployed, check the URL(s) for the servers hosting the additional web console. The field should contain one of the following:
- The address of the server hosting your Additional Web Console
  Example: https://WIN-1234567890A
- The DNS alias of the server hosting the Additional Web Console
  Example: https://orion
- No input
  Clear the suggested URL. When you try to log in to the Additional Web Console using SAML authentication, you'll be redirected to the primary SolarWinds Platform Web Console.
These URLs are used to generate the URL and URI you copy into your identity provider settings.
Azure AD
In the Enter Orion URL step, check that the external URLs are correct and adjust them if necessary.
SolarWinds Platform Web Console External URL
This is the URL of your SolarWinds Platform server or its DNS alias.
Additional Web Console external URLs
If you have additional web servers deployed, check the URL(s) for the servers hosting the additional web console. The field should contain one of the following:
- The address of the server hosting your Additional Web Console
  Example: https://solarwinds.my-company.com
- The DNS alias of the server hosting the Additional Web Console
  Example: https://orion
- No input
  Clear the suggested URL. When you try to log in to the Additional Web Console using SAML authentication, you'll be redirected to the primary SolarWinds Platform Web Console.
These URLs are used to generate the URL and URI you copy into your identity provider settings.
Add Identity Provider wizard - Step 2: Prepare IdP (Specify SSO Service URLs to Your Identity Provider)
Okta
If you have deployed additional web servers, the SSO Service URLs section includes more URLs - one for the primary SolarWinds Platform Web Console and one for each additional web server.
AD FS
The Prepare IdP step provides the Audience URI and SSO Service URLs to be copied and pasted into the AD FS configuration.
Keep the browser open, and continue in AD FS.
If you have deployed additional web servers, the SSO Service URLs section includes more URLs - one for the primary SolarWinds Platform Web Console and one for each additional web server.
Azure AD
The Prepare IdP step provides Audience URI and SSO Service URL(s) to be copied and pasted into the configuration in Azure AD.
Keep the browser open, and continue in Azure AD.
Add Identity Provider wizard - Step 3: Configure (Paste in Your Identity Provider Information)
Okta
In the Configure step, paste the information from the Okta tab with configuration details you left open.
- Identity Provider Name: specify how the identity provider will be displayed on the login page. Use, for example, 'Okta'.
- SSO Target URL
  Example: https://www.okta.com/app/app_name_example_1/xyz/sso/saml
- Issuer (Entity ID)
  Example: http://www.okta.com/abcdefgh123456ijkl789
- Public Certificate - Certificate in Base64 form
  Copy the contents of the certificate, starting with BEGIN CERTIFICATE and ending with the END CERTIFICATE line.
AD FS
In the Configure step, enter your Identity Provider details:
- Identity Provider Name: specify how the identity provider will be displayed on the login page.
  Example provider name: AD FS
- SSO Target URL: enter the URL manually, using the example format.
  Example format: https://hostname.domain/adfs/ls
- Issuer (Entity ID): paste the Issuer URI.
  - Open AD FS, navigate to Service and right-click it.
  - Select Edit Federation Service Properties, copy Federation Service Identifier, and paste it into Issuer (Entity ID).
  Example format: http://hostname.local/adfs/services/trust
- Public Certificate - Certificate in Base64 form
  Open the exported certificate in a text editor and copy it, starting with BEGIN CERTIFICATE and ending with the END CERTIFICATE line.
Azure AD
In the Configure step, complete the following:
- Specify the Identity Provider Name. Use for example 'Azure AD'.
- In SSO Target URL, paste the Login URL from Azure.
- In Issuer URI, paste the Azure AD Identifier from Azure.
- In the X.509 Signing Certificate field, copy the contents of the certificate file you downloaded from SAML Signing Certificate in the Azure portal. Include all text, starting with BEGIN CERTIFICATE and ending with the END CERTIFICATE line.
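
A pre-flight check for the three values pasted in Step 3 (SSO Target URL, Issuer, certificate). It is an added example, not SolarWinds code. The function names, the https requirement for the SSO Target URL, and the constructed stand-in certificate bytes are assumptions of this example. It catches a truncated or partial certificate paste and returns a SHA-256 fingerprint to compare against the one your identity provider shows for its signing certificate.

```python
import base64
import hashlib
import re
from urllib.parse import urlsplit

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s+([A-Za-z0-9+/=\s]+?)\s*"
    r"-----END CERTIFICATE-----")

# Constructed stand-in: a DER SEQUENCE header over zero bytes, NOT a real certificate.
FAKE_DER = b"\x30\x82\x01\x00" + bytes(256)
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(FAKE_DER).decode()
              + "-----END CERTIFICATE-----\n")

def der_from_pem(text):
    """Return the DER bytes of the single certificate in text, or raise ValueError."""
    blocks = PEM_RE.findall(text)
    if len(blocks) != 1:
        raise ValueError(f"expected one BEGIN/END CERTIFICATE block, found {len(blocks)}")
    der = base64.b64decode("".join(blocks[0].split()), validate=True)
    # X.509 DER is one ASN.1 SEQUENCE (tag 0x30) whose length covers all remaining bytes.
    if len(der) < 4 or der[0] != 0x30:
        raise ValueError("decoded data is not a DER SEQUENCE")
    if der[1] & 0x80:  # long-form length: low 7 bits give the number of length bytes
        n = der[1] & 0x7F
        body_len, header = int.from_bytes(der[2:2 + n], "big"), 2 + n
    else:
        body_len, header = der[1], 2
    if header + body_len != len(der):
        raise ValueError("certificate is truncated or has trailing data")
    return der

def check_idp_fields(sso_target_url, issuer, certificate):
    """Return (problems, sha256_fingerprint_or_None) for the Step 3 values."""
    problems = []
    sso = urlsplit(sso_target_url.strip())
    if sso.scheme != "https" or not sso.hostname:
        problems.append("SSO Target URL should be an absolute https:// URL")
    ent = urlsplit(issuer.strip())
    # Entity IDs are identifiers and are often http:// (as in the examples above).
    if not ent.scheme or not (ent.netloc or ent.path):
        problems.append("Issuer (Entity ID) is not an absolute URI")
    fingerprint = None
    try:
        fingerprint = hashlib.sha256(der_from_pem(certificate)).hexdigest()
    except ValueError as exc:  # includes base64 decoding errors
        problems.append(f"Public Certificate: {exc}")
    return problems, fingerprint
```
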