
Configuration Guide for Gemalto SafeNet Authentication Manager

This guide provides information on how to set up Gemalto SafeNet Authentication Manager (SAM) as an IdP for Private Applications.

Prerequisites

Ensure that you have the following:

  • Admin privileges on the system where Gemalto SAM is installed
  • A Private Applications account with an administrator role that allows you to add an IdP Configuration

Configuring SAM for SSO

To configure SAM as the IdP for Private Applications user and admin SSO:

    a. On a Windows system, go to Start > All Programs > SafeNet > SafeNet Authentication Manager > Policy Management.

    The Active Directory Users and Computers window appears.

    b. In the Active Directory Users and Computers window, right-click on the directory name (e.g., rupizscaler.com) and select Properties.

    c. In the window that appears, go to the Token Policy tab and click Open.

    d. In the window that appears, select the Token Policy Object Link you want to modify (e.g., Default policy) and click Edit.

    The Token Policy Object Editor window appears.

    e. In the Token Policy Object Editor window, in the left pane, scroll down to and expand Protected Application Settings.

    f. Select User Authentication, then double-click on Application Authentication Settings in the right pane.

    The Application Authentication Settings Properties window appears.

    g. In the Application Authentication Settings Properties window, make sure that Enabled is selected, then click Definitions....

    h. In the window that appears, right-click on Application Authentication Settings and select Create a new profile.

    i. Right-click on the newly created profile (e.g., Profile1) and select Rename.

    In this example, we've named the profile zscaler.

    j. In the right pane for the profile, double-click on a Policy to enter the proper Policy Setting value:
      • Application issuer: Enter the service provider (i.e., Zscaler) entity ID for user or admin SSO. A Service Provider Entity ID is provided for you when you configure a new IdP configuration in the Admin Portal. This ID is specific to your IdP.
      • SAM issuer: Enter the entity ID for SAM, which can be any string. When you are configuring the IdP for SSO within the Admin Portal, the ID you specify here must be entered into the IdP Entity ID field. For example, we configured the entity ID as sam, so it would be entered as sam for the IdP Entity ID field within the Admin Portal.

        Our zscaler profile specifies the SAM issuer as sam.

        So, for the IdP configuration for SAM within the Admin Portal, we must specify the IdP Entity ID as sam.

      • Application's login URL: Enter the service provider (i.e., Zscaler) single sign-on URL for user or admin SSO. A Service Provider URL is provided for you when you configure a new IdP configuration in the Admin Portal. This URL is specific to your IdP.
      • Audience URI: Enter the service provider (i.e., Zscaler) entity ID for user or admin SSO. This is the same Service Provider Entity ID you entered for Application issuer above.
      • User mapping: Select the appropriate mapping as per your IdP configuration (e.g., eMail).
      • OTP authentication: If your users are using one-time password (OTP) authentication, then make sure that this setting is Enabled.

    All other settings (i.e., Automatic Windows authentication, Certificate-base authentication, etc.) can remain Not Defined.

    k. Click Apply, then OK.
    l. Click OK in any other open windows to save your changes.
    1. On a Windows system, go to Start > All Programs > SafeNet > SafeNet Authentication Manager > Configuration Manager.
    2. In the Configuration Manager window, from the Action menu select Cloud Configuration....
    3. In the Cloud Settings window, go to the Info for Service Provider tab.
      1. Make note of the Sign-in page URL for SAM.
      2. Click Export Certificate... to download the certificate used by SAM for signing SAML assertions.

    Also, be sure to take note of the entity ID you specified in step 1j for the procedure above. You will need this metadata information when configuring SAM as an IdP for SSO within the Admin Portal.

    This procedure references SAM version 8.2 as an example; other SAM versions allow you to export the metadata from this window.

    1. Go to the Admin Portal and complete the IdP configuration set up.

After configuring your IdP, be sure to verify the Private Applications to SAM configuration.
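
One way to check a captured, base64-decoded SAML response against the values entered above, as an added example that is not Zscaler or Gemalto code. Which SAML 2.0 elements carry each setting is an assumption based on the standard; the sample response, entity IDs and URLs are constructed placeholders.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample of a decoded response; entity IDs and URLs are placeholders.
SAMPLE_RESPONSE = """\
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    Destination="https://sp.example.invalid/sso">
  <saml:Assertion>
    <saml:Issuer>sam</saml:Issuer>
    <saml:Subject>
      <saml:NameID>user@example.invalid</saml:NameID>
      <saml:SubjectConfirmation>
        <saml:SubjectConfirmationData Recipient="https://sp.example.invalid/sso"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions>
      <saml:AudienceRestriction>
        <saml:Audience>https://sp.example.invalid/entity</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>
"""

def check_response(xml_text, idp_entity_id, sp_entity_id, sp_sso_url):
    """List mismatches between a decoded SAML response and the configured values."""
    # Diagnostic only: the XML signature is not verified here.
    root = ET.fromstring(xml_text)
    def text(path):
        return (root.findtext(path, default="", namespaces=NS) or "").strip()
    scd = root.find(".//saml:SubjectConfirmationData", NS)
    checks = {  # setting name -> (value observed in the response, configured value)
        "SAM issuer (IdP Entity ID)": (text("saml:Assertion/saml:Issuer"), idp_entity_id),
        "Audience URI": (text(".//saml:Audience"), sp_entity_id),
        "Destination": (root.get("Destination", ""), sp_sso_url),
        "Recipient": (scd.get("Recipient", "") if scd is not None else "", sp_sso_url),
    }
    # Entity IDs and URLs are compared as exact, case-sensitive strings.
    problems = [f"{name}: got {got!r}, expected {want!r}"
                for name, (got, want) in checks.items() if got != want]
    if "@" not in text(".//saml:NameID"):
        problems.append("NameID is not an e-mail address (User mapping: eMail)")
    return problems

if __name__ == "__main__":
    found = check_response(SAMPLE_RESPONSE, "sam",
                           "https://sp.example.invalid/entity", "https://sp.example.invalid/sso")
    print("\n".join(found) if found else "all fields match")
```

A mismatch in letter case or a trailing slash is reported as a problem, because these identifiers are compared as exact strings.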
