Ask the Community
Groups
Single Sign-on with Passly - Connect IT Community | Kaseya
<main> <article class="userContent"> <h1 data-id="decommission-notice"><span style="color: #000000;">Decommission Notice</span></h1> <p><span style="color: #000000;">There are two ways to authenticate with AuthAnvil (renamed Passly):</span></p> <ul><li>AuthAnvil Authenticator (called Legacy Authenticator in BMS)</li> <li><span style="color: #000000;">Single Sign-on with Passly</span></li> </ul><p><span style="color: #000000;">AuthAnvil Authenticator was deprecated in November 2019 with the release of version 4.0.27. As of July 4, 2020, the current version is 4.0.34. AuthAnvil Authenticator is now scheduled for removal. All organizations must migrate to Passly Single Sign-on (SSO) by August 31, 2020. After this date, <strong>users will not be able to log in</strong> if your organization is using AuthAnvil Authenticator. </span><span style="color: #000000;">See below</span> for setup instructions for Single Sign-on with Passly.</p> <p><span style="color: #000000;"><img src="https://us.v-cdn.net/6032361/uploads/migrated/AQPGXI4EWFZG/mceclip0.png" alt="mceclip0.png" class="embedImage-img importedEmbed-img"></img></span></p> <h1 data-id="single-sign-on-with-passly">Single Sign-on with Passly</h1> <p>This<strong> </strong>article covers how to configure BMS to authenticate users with Passly using SAML based Single Sign-On (SSO).</p> <ol><li><a rel="nofollow" href="#h_01ECKWEAPG2DSTH7J198KHM02G">Create Passly Group</a></li> <li><a rel="nofollow" href="#h_01ECKVE7GJM9S0B98Y10MVP1VC">Add BMS to Passly</a></li> <li><a rel="nofollow" href="#h_01ECKWBZHKF1YM30NSWYZ4ZE15">Download Certificate</a></li> <li><a rel="nofollow" href="#h_01ECKWNJ95F8VDCGZRD9A0CSR7">Setup BMS SSO</a></li> <li><a rel="nofollow" href="#h_01ECKXFBYJD5FFF3N6FX7WBS0P">Enable SSO for Employees</a></li> </ol><h2 id="h_01ECKWEAPG2DSTH7J198KHM02G" data-id="create-passly-group">Create Passly Group</h2> <p>You need to have a Passly user group to associate with the BMS SSO configuration.</p> <ol><li>In Passly, navigate to <strong>Directory Manager > Groups</strong>. </li> <li>Click the '+' button to create a new group.</li> <li>Give a name to your group.</li> <li>Click the <strong>Add Group</strong> button.</li> <li>Add users to the group. </li> </ol><h2 id="h_01ECKVE7GJM9S0B98Y10MVP1VC" data-id="add-bms-to-passly">Add BMS to Passly</h2> <ol><li>Navigate to SSO Manager.</li> <li>Click the '+' button followed by the book button.</li> <li>Search for 'Kaseya BMS' in the application catalog and select it. </li> <li>Check<strong> Application is Enabled</strong>.</li> <li>Click <strong>Add Application</strong>.</li> </ol><p><img src="https://us.v-cdn.net/6032361/uploads/migrated/MLLR1BVEFMPQ/mceclip6.png" alt="mceclip6.png" class="embedImage-img importedEmbed-img"></img></p> <h3 data-id="permissions">Permissions</h3> <ol><li>Navigate to the <strong>Permissions</strong> tab.</li> <li>Click <strong>Add Group</strong>. </li> <li>Select the group you created previously.</li> <li>Click <strong>Add Groups</strong>.</li> </ol><h3 data-id="attribute-transformation">Attribute Transformation</h3> <ol><li>Navigate to<strong> </strong>the <strong>Attribute Transformation</strong> tab.</li> <li>Remove the <strong>CompanyName</strong> attribute. </li> <li>Save your changes.</li> <li>Click <strong>Add Custom Attribute Map</strong>.</li> <li>Add back the <strong>CompanyName</strong> attribute, referencing your tenant name. </li> <li>Click <strong>Add Mapping</strong>.</li> <li>Save your changes. </li> </ol><p><img src="https://us.v-cdn.net/6032361/uploads/migrated/RY3EX801UJTL/mceclip9.png" alt="mceclip9.png" class="embedImage-img importedEmbed-img"></img></p> <p><img src="https://us.v-cdn.net/6032361/uploads/migrated/0U85KW55A3F8/mceclip10.png" alt="mceclip10.png" class="embedImage-img importedEmbed-img"></img></p> <h3 data-id="protocol-setup">Protocol Setup</h3> <ol><li>Navigate to the <strong>Protocol Setup</strong> tab.</li> <li>For <strong>Assertion Consumer URL</strong>, change the base url to the base url of your BMS server. In the example below, the base url is na1bmspreview.kaseya.com.</li> <li>For <strong>Service Entity ID</strong>, change the base url to the base url of your BMS server. In the example below, the base url is na1bmspreview.kaseya.com. </li> <li>Save your changes.</li> </ol><p><img src="https://us.v-cdn.net/6032361/uploads/migrated/5HWVAUEGJ6RD/mceclip11.png" alt="mceclip11.png" class="embedImage-img importedEmbed-img"></img></p> <h2 id="h_01ECKWBZHKF1YM30NSWYZ4ZE15" data-id="download-certificate">Download Certificate </h2> <ol><li>Navigate to the <strong>Signing and Encryption</strong> tab.</li> <li>Click <strong>Download</strong>.</li> </ol><h1><img src="https://us.v-cdn.net/6032361/uploads/migrated/BJAJLIHDCON6/mceclip14.png" alt="mceclip14.png" class="embedImage-img importedEmbed-img"></img></h1> <h2 data-id="passly-application-assignment">Passly Application Assignment</h2> <ol><li>Navigate to Launchpad in the left menu.</li> <li>Right-click on the BMS application, and copy the link to a text pad.</li> <li>Click on the BMS application.</li> <li>Verify that you are redirected and logged in to BMS. </li> </ol><p><img src="https://us.v-cdn.net/6032361/uploads/migrated/K7F79E76H512/mceclip17.png" alt="mceclip17.png" class="embedImage-img importedEmbed-img"></img></p> <h2 data-id="setup-bms-sso">Setup BMS SSO</h2> <ol><li>In BMS, navigate to <strong>Admin > My Company > Auth and Provision</strong>.</li> <li>On the Single Sign On tab, click <strong>Upload Certificate</strong>.</li> <li>Select the Passly certificate you previously downloaded.</li> <li>Set <strong>Enable Single Sign On via SAML</strong> to Yes.</li> <li>Paste the Passly login url you copied above into the SAML Login Endpoint URL field. This enables user authentication with Passly from the BMS login page.</li> <li>Click <strong>Save</strong>.</li> </ol><p><img src="https://us.v-cdn.net/6032361/uploads/migrated/988LYKRJRKQ2/mceclip1.png" alt="mceclip1.png" width="412" height="346" class="embedImage-img importedEmbed-img"></img></p> <h2 id="h_01ECKXFBYJD5FFF3N6FX7WBS0P" data-id="enable-sso-for-employees">Enable SSO for Employees</h2> <ol><li>Navigate to HR > Employees.</li> <li>Select an employee.</li> <li>Under External Authentication Type, select SAML SSO.</li> </ol><p><img src="https://us.v-cdn.net/6032361/uploads/migrated/U5LNBDDCMYM4/mceclip0.png" alt="mceclip0.png" width="344" height="69" class="embedImage-img importedEmbed-img"></img></p> <p> </p> <p> </p> </article> </main>