Documentation forSolarWinds Platform Self-Hosted

Configure your Identity Provider in the SolarWinds Platform Web Console

This topic applies to all SolarWinds Platform products.

Configuring the login to the SolarWinds Platform Web Console using SAML v2 protocol requires configuration both in the SolarWinds Platform Web Console and with your identity provider. This topic describes the settings in the SolarWinds Platform Web Console:

For further instructions on the configuration, see Authenticate SolarWinds Platform users with SAML v2 for an overview and the section on your Identity Provider for details:

Start the Add Identity Provider wizard

  1. Log in to the SolarWinds Platform Web Console using an administrator account.

  2. Click Settings > All Settings.

  3. In the User Accounts section, click SAML Configuration.

  4. Click Add Identity Provider. This opens the Add Identity Provider wizard.

Add Identity Provider wizard - Step 1: Enter Orion URL (Enter SolarWinds Platform Web Console Addresses)

Okta and AD FS

In the Enter Orion URL step, check that the external URLs are correct and adjust them if necessary.

SolarWinds Platform Web Console External URL

This is the URL of your SolarWinds Platform server or its DNS alias.

Additional Web Console external URLs

If you have additional polling engines deployed, check the URL(s) for the servers hosting the additional web console. The field should contain one of the following:

  • The address of the server hosting your Additional Web Console

    Example: https://WIN-1234567890A

  • The DNS alias of the server hosting the Additional Web Console

    Example: https://orion

  • No input

    Clear the suggested URL. When you try to log in to the Additional Web Console using SAML authentication, you'll be redirected to the primary SolarWinds Platform Web Console

These URLs are used to generate the URL and URI you copy into your identity provider settings.

Azure AD

In the Enter Orion URL step, check that the external URLs are correct and adjust them if necessary.

SolarWinds Platform Web Console External URL

This is the URL of your SolarWinds Platform server or its DNS alias.

Additional Web Console external URLs

If you have Additional web servers deployed, check the URL(s) for the servers hosting the additional web console. The field should contain one of the following:

  • The address of the server hosting your Additional Web Console

    Example: https://solarwinds.my-company.com

  • The DNS alias of the server hosting the Additional Web Console

    Example: https://orion

  • No input

    Clear the suggested URL. When you try to log in to the Additional Web Console using SAML authentication, you'll be redirected to the primary SolarWinds Platform Web Console

These URLs are used to generate the URL and URI you copy into your identity provider settings.

Add Identity Provider wizard - Step 2: Prepare IdP (Specify SSO Service URLs to Your Identity Provider)

Okta

If you have deployed additional web servers, the SSO Service URLs section includes more URLs - one for the primary SolarWinds Platform Web Console and one for each additional web server.

AD FS

The Prepare IdP step provides the Audience URI and SSO Service URLs to be copied and pasted into the AD FS configuration.

Keep the browser open, and continue in AD FS.

If you have deployed additional web servers, the SSO Service URLs section includes more URLs - one for the primary SolarWinds Platform Web Console and one for each additional web server.

Azure AD

The Prepare IdP step provides Audience URI and SSO Service URL(s) to be copied and pasted into the configuration in Azure AD.

Keep the browser open, and continue in Azure AD.

Add Identity Provider wizard - Step 3: Configure (Paste in Your Identity Provider Information)

Okta

In the Configure step, paste the information from the Okta tab with configuration details you left open.

  • Identity Provider Name: specify how the identity provider will be displayed on the login page. Use for example 'Okta'.

  • SSO Target URL

    Example: https://www.okta.com/app/app_name_example_1/xyz/sso/saml

  • Issuer (Entity ID)

    Example: http://www.okta.com/abcdefgh123456ijkl789

  • Public Certificate - Certificate in Base64 form

    Copy the contents of the certificate, starting with BEGIN CERTIFICATE and ending with the END CERTIFICATE line.

AD FS

In the Configure step, enter your Identity Provider details:

  • Identity Provider Name: specify how the identity provider will be displayed on the login page.

    Example provider name: AD FS

  • SSO Target URL: enter the URL manually, using the example format.

    Example format: https://hostname.domain/adfs/ls

  • Issuer (Entity ID): paste the Issuer URI.

    1. Open AD FS, navigate to Service and right-click it.
    2. Select Edit Federation Service Properties, copy Federation Service Identifier, and paste is into Issuer (Entity ID).

    Example format: http://hostname.local/adfs/services/trust

  • Public Certificate - Certificate in Base64 form
    Where do I get the certificate for AD FS?

    Open the exported certificate in a text editor and copy it, starting with BEGIN CERTIFICATE and ending with the END CERTIFICATE line.

Azure AD

In the Configure step, complete the following:

  1. Specify the Identity Provider Name. Use for example 'Azure AD'.
  2. In SSO Target URL, paste the Login URL from Azure.
  3. In Issuer URI, paste the Azure AD Identifier from Azure.
  4. In the X.509 Signing Certificate field, copy the contents of the certificate file you downloaded from SAML Signing Certificate in the Azure portal. Include all text, starting with BEGIN CERTIFICATE and ending with the END CERTIFICATE line.