Online Help

SafeNet Trusted Access for SolarWinds NPM

Overview

The application template provides the ability to enable single sign-on for users accessing the SolarWinds Network Performance Monitor (NPM) application through SafeNet Trusted Access.

The following use cases can be configured for SolarWinds NPM:

SP-initiated SSO

IdP-initiated SSO

Configuring SafeNet Trusted Access for SolarWinds NPM is a three-step process:

1.SolarWinds NPM setup

2.SafeNet Trusted Access setup

3.Verify authentication

SolarWinds NPM Setup

Following are the prerequisites for SolarWinds NPM Setup:

SolarWinds NPM v12.5 is installed and configured.

Download the Identity Provider certificate from the from the SafeNet Trusted Access console by clicking the Download X.509 certificate button. You will need this certificate in one of the steps below:

Perform the following steps to configure SafeNet Trusted Access as your Identity Provider in SolarWinds NPM:

1.Log in to the Orion Web Console as an administrator using the URL “<Orion Web Console External URL>/Orion/Login.aspx”, where <Orion Web Console External URL> is the external URL of the main Orion Web Console.
For example, https:// WIN-JITK3RL4DR1/Orion/Login.aspx

2.On the dashboard, click the SETTINGS tab and then click All Settings.


3.Under Main Settings & Administration, scroll down until you see USER ACCOUNTS, and then click SAML Configuration.


4.Under SAML Configuration, click ADD IDENTITY PROVIDER.


5.In the Add Identity Provider wizard, perform the following steps:

a.On the Enter Orion URL page, in the Orion Web Console External URL field, ensure that the Orion Web Console External URL is correct. Copy this URL.
For example, https://WIN-JITK3RL4DR1


b.In a text editor, paste the Orion Web Console External URL which you had copied in the previous step. You will need this URL while configuring SafeNet Trusted Access.

c.Click NEXT.

d.On the Prepare IdP page, click NEXT.


e.On the Configure page, perform the following steps:

In the Identity Provider Name field, enter an IDP name that will be displayed on the login page (for example, SafeNet IDP).

In the SSO Target URL field, enter the SingleSignOnService URL that is provided on the SafeNet Trusted Access console.
On the STA console, you can copy this URL by clicking on the Copy to Clipboard icon available next to the SingleSignOnService field.

In the Issuer URI field, enter the Issuer/Entity ID that is available on the SafeNet Trusted Access console.
On the STA console, you can copy this URL by clicking on the Copy to Clipboard icon  available next to the Issuer/Entity ID field.

In a text editor, open the identity provider certificate that you downloaded earlier from the STA console. Copy the entire certificate content.

In the X.509 Signing Certificate field, paste the identity provider certificate that you copied in the previous step.

Click SAVE.


6.Under SAML Configuration, ensure Use SAML as login method for SolarWinds option is enabled.


Creating SAML individual account in Orion Web Console

1.On the dashboard, click the SETTINGS tab, and then click All Settings.

2.Under Main Settings & Administration, scroll down until you see USER ACCOUNTS, and then click Manage Accounts.

3.Under Manage Accounts, on the INDIVIDUAL ACCOUNTS tab, click ADD NEW ACCOUNT.

4.On the SELECT TYPE tab, click SAML individual account and then, click NEXT.

5.On the ENTER ACCOUNT INFO tab, in the Name ID field, enter the username of the user who will be accessing the Orion Web Console using SAML authentication.
For example, test.user@domain.com

Note:  For successful SSO, the Orion Name ID value should match with the email address in identity provider.

6.Click NEXT.

7.On the DEFINE SETTINGS tab, scroll down, and click SUBMIT.

Creating SAML group account in Orion Web Console

1. On the dashboard, click the SETTINGS tab, and then click All Settings.

2.Under Main Settings & Administration, scroll down until you see USER ACCOUNTS, and then click Manage Accounts.

3.Under Manage Accounts, on the INDIVIDUAL ACCOUNTS tab, click ADD NEW ACCOUNT.

4.On the SELECT TYPE tab, click SAML group account and then, click NEXT.

5.Under ENTER ACCOUNT INFO tab, in the SAML Group field, enter the group name; users belong to this group will be accessing Orion Web Console using SAML authentication.
For example, samlgroup

Note:  For successful SSO, Orion SAML Group name should match with the group name in identity provider.

6.Click NEXT.

7.On the DEFINE SETTINGS tab, scroll down, and click SUBMIT.

SafeNet Trusted Access Setup

After completing the first step of configuring SafeNet Trusted Access in Application, the second step is to activate the SolarWinds NPM application in SafeNet Trusted Access by performing the following steps:

1.In the Applications pane on the left, you will notice that the SolarWinds NPM application that you added previously is currently in inactive state, by default. To configure and activate this application, click the application (for example, SolarWinds NPM) and proceed to the next step.

2.Under STA Setup, perform the following steps:

a.In the ORION WEB CONSOLE EXTERNAL URL field, enter the external URL of the main Orion Web Console which you had pasted in a text editor in Step 5(b) of SolarWinds NPM Setup.
For example, https://WIN-JITK3RL4DR1

b.In the NAME ID field, ensure that Email address is selected.

c.Under Return Attributes, ensure OrionGroups is added.

3.Click Save Configuration to save the details and activate the SolarWinds NPM application in SafeNet Trusted Access.

Verify Authentication

Using STA Console

Navigate to the Orion Web Console login URL, <Orion Web Console External URL>/Orion/Login.aspx, where <Orion Web Console External URL> is the external URL of the main Orion Web Console.
For example, https:// WIN-JITK3RL4DR1/Orion/Login.aspx

Click LOGIN WITH <IDP Name>, where <IDP Name> is the name of the IDP that will be displayed on the login page (for example, SafeNet IDP). You will be redirected to your SafeNet Trusted Access sign-in page. Enter your primary directory login information, approve the two-factor authentication, and you should be redirected to the Orion Web Console after authentication.

Using STA User Portal

Navigate to the User Portal URL to log in to the STA User Portal dashboard. On the dashboard, you will see a list of applications to which you have access. Click the SolarWinds NPM application icon. You should be successfully logged in to the Orion Web Console after authentication.

© 2019 SafeNet Trusted Access. Various trademarks are held by their respective owners.