Note: This configuration requires you to have an AuthAnvil On-Premises Password Server v2.8 - newer installed before you begin.
If you do not have an AAoP subscription please contact IAM.firstname.lastname@example.org
To add the On-Premises Password Server application to your On-Demand tenant launchpad please follow these steps.
Configuring your On-Demand tenant
Log into your On-Demand tenant
- Select Directory Manager.
- Select Groups.
Select the green plus sign in the bottom right corner.
Name the Group Password Server Users.
Note: If you have other existing Groups for SSO users you can use one of these as well.
Select ADD GROUP.
- Select SSO Manager.
- Select the green plus sign in the bottom right corner.
- Select Password Server
- Select Application is Enabled.
Choose the desired Authentication Policy.
- Select Protocol.
Update the Assertion Consumer Service URL to reflect your On-Premises FQDN.
- Select Advanced Settings.
- Under Signing Algorithm
Note: If you installed Password Server v2.8 before Mar. 4th 2017 please apply this Hotfix before you attempt to use this integration.
- Select Add Application.
- Select Permissions.
You will need to grant the application access to your desired user group.
- Select Signing and Encryption.
- Select Download Certificate
Note: You will need this certificate to configure the Password Server.
- Select Save Changes.
Allowing your On-Demand tenant access to your Premises Password Server
- Log into your On-Premises Password Server.
- Select Admin > General Settings
Select AuthAnvil Two Factor Auth Settings.
- Set the AuthAnvil SAS URL: https://(Your On-Demand Tenant)AuthAnvil/SAS.asmx
- Set the Site ID as 1
- Select Single Sign-On Settings
- Select Enable Single Sign On box.
Fill in the following information for your AuthAnvil SSO server:
Issuer: https://(Your On-Demand Tenant)/AuthAnvil/SSO/Trust/site1
Identity Provider Login URL: https://(Your On-Demand Tenant)/SSO/logon.aspx
Identity Provider Logout URL: https://(Your On-Demand Tenant)/SSO/authorizedapps.aspx
- Select Import New SSO Certificate and upload the certificate you downloaded from your On-Demand Tenant.
- Select Save Changes.
Once the configuration is complete, you should test that everything is working as expected.
- Log out of all existing AuthAnvil Password Server sessions before logging in.
- Log into your On-Demand tenant Launchpad.
- Select Password Server. You should now be logged into the On-Premises Password Server.