SSO provides a means for enterprises to centrally manage and control user authentication and authorization.
By using SSO, organizations reduce the administrative overhead of managing multiple authentication tokens for each user.
A user logs in with a single ID and password to gain access to a connected system or systems without using different usernames or passwords.
Dome9 Central supports Single Sign On based on the SAML 2.0 standard.
When SSO is enabled for a Dome9 account, each user may be configured to use SSO authentication (default) or built-in user authentication.
A user designated as an SSO user will:
- Have the password managed by the SSO solution provider; a password reset in Dome9 will therefore direct the user to reset the password at the IdP's (SSO provider's) site.
- Have MFA enabled and managed by the SSO solution provider; MFA will therefore be disabled for this user in Dome9 Central.
The Dome9 Account Owner can't be configured for SSO.
This limitation exists as a failsafe, so that at least one user can still log in to the Dome9 system if something goes wrong with the SSO solution provider.
In order to use Dome9 SSO support:
- The organization must have SAML 2.0 SSO infrastructure in place
- Users must be provisioned in the identity provider's SSO application
- A Dome9 user with the exact same user identity email must be provisioned in Dome9
- The Dome9 user must be assigned privileges using Dome9's Users and Roles.
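As an added example (not Dome9 code), the prerequisites above can be checked before enabling SSO by comparing a list of IdP-provisioned emails against a list of Dome9 users. The record fields (`email`, `sso`, `owner`, `roles`) and the sample data are hypothetical, and "exact same" email is treated here as a byte-for-byte match.

```python
# Added example: pre-flight audit of the SSO prerequisites listed above.
# Field names are hypothetical, not a Dome9 export format; data is constructed.

def audit_sso_readiness(idp_emails, dome9_users):
    """Return a sorted list of (email, finding) tuples."""
    findings = []
    by_email = {u["email"]: u for u in dome9_users}
    by_folded = {u["email"].casefold(): u for u in dome9_users}
    for email in idp_emails:
        user = by_email.get(email)
        if user is None:
            # Distinguish "missing" from "differs only by case/whitespace".
            near = by_folded.get(email.strip().casefold())
            if near:
                findings.append((email, f"not an exact match for Dome9 user {near['email']!r}"))
            else:
                findings.append((email, "no Dome9 user with this email"))
            continue
        if not user["sso"]:
            findings.append((email, "Dome9 user uses built-in authentication, not SSO"))
        if not user["roles"]:
            findings.append((email, "no Dome9 roles assigned"))
    idp_set = set(idp_emails)
    for user in dome9_users:
        if user["owner"] and user["sso"]:
            # The owner stays on built-in authentication as the failsafe login.
            findings.append((user["email"], "account owner must not be an SSO user"))
        elif user["sso"] and user["email"] not in idp_set:
            findings.append((user["email"], "SSO user is not provisioned in the IdP"))
    return sorted(findings)

# Constructed sample data.
IDP_EMAILS = ["alice@example.com", "Bob@example.com",
              "carol@example.com", "dave@example.com"]
DOME9_USERS = [
    {"email": "owner@example.com", "sso": False, "owner": True, "roles": ["admins"]},
    {"email": "alice@example.com", "sso": True, "owner": False, "roles": ["auditors"]},
    {"email": "bob@example.com", "sso": True, "owner": False, "roles": ["auditors"]},
    {"email": "carol@example.com", "sso": True, "owner": False, "roles": []},
    {"email": "erin@example.com", "sso": True, "owner": False, "roles": ["auditors"]},
]

if __name__ == "__main__":
    for email, finding in audit_sso_readiness(IDP_EMAILS, DOME9_USERS):
        print(f"{email}: {finding}")
```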
Integrating and configuring Dome9 for SSO is built on two main scenarios:
- Configuring the Dome9 account for SSO according to the required setup:
  - Setting Dome9 SSO with JumpCloud
  - Setting Dome9 SSO with OKTA
  - Configuring Shibboleth IDP as SSO provider for Dome9
  - Setting Dome9 SSO with ADFS
  - Setting Dome9 SSO with Generic / Custom configuration
- Adding or modifying existing users for SSO:
  - Configuring SSO Users