Configure Dome9 SSO with a Generic / Custom configuration

    Configure the Dome9 account for SSO

    1. Log in to Dome9 Central with a super user account.

    2. Under the user's menu, click Account Settings.

    3. Select SSO.

    4. Click Enable.

    5. The SSO settings page opens. Fill in the details in the screen below as provided in your SSO settings page.

      1. The example below was taken from OneLogin SSO settings:

        For OneLogin, the Account ID in SSO Configuration should be the same as the Dome9 Client ID in OneLogin.

      2. The example below was taken from Okta SSO settings:

    6. To view the certificate details, open your IDP's SSO settings application and, under the certificate context, click View details to see the certificate's Base64 representation. Copy it to the X.509 Certificate text area in Dome9 Central.

    7. Click Save.

    8. The SSO settings will be saved to the account.

    9. The settings can be edited or disabled using the disable or edit buttons.

      Note: Disabling SSO will disable SSO settings for all users in the account and will issue a password reset invitation to all SSO users under the account.

    Configure SSO Users

    To configure SSO users in Dome9, see Configure SSO Users.

    Configure the IDP Custom Connector

    When using an IDP custom application connector, use the following details:

    1. The SSO URL / ACS URL should be: (yourcompanyname is the Account ID string used in Dome9's SSO configuration.)

    2. The Audience / Entity ID field should be:

    3. The Assertion element should be signed but not encrypted; encryption is handled by the transport layer. Below is an example of an Okta custom connector:
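
To confirm that a custom connector meets the requirements in items 1 to 3, the following added example (not part of the Dome9 documentation) inspects a Base64-encoded SAML response captured from a test login and reports structural mismatches. The function names, the sample response and the `sp.example.test` URLs are constructed placeholders; substitute the ACS URL and Entity ID given for your account.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def check_saml_response(b64_response, expected_audience, expected_acs_url):
    """Return a list of findings; an empty list means the structure matches."""
    root = ET.fromstring(base64.b64decode(b64_response))
    findings = []
    if root.find("saml:EncryptedAssertion", NS) is not None:
        findings.append("assertion is encrypted; it should be signed only")
    assertions = root.findall("saml:Assertion", NS)
    if len(assertions) != 1:
        findings.append(f"expected exactly one Assertion, found {len(assertions)}")
        return findings
    assertion = assertions[0]
    # The signature must sit inside the Assertion and reference its ID;
    # a signature on the Response alone does not sign the Assertion element.
    ref = assertion.find("ds:Signature/ds:SignedInfo/ds:Reference", NS)
    if ref is None:
        findings.append("Assertion carries no ds:Signature")
    elif ref.get("URI") != "#" + assertion.get("ID", ""):
        findings.append("Signature does not reference the Assertion ID")
    audiences = [a.text for a in assertion.findall(".//saml:Audience", NS)]
    if expected_audience not in audiences:
        findings.append(f"Audience {expected_audience!r} not in {audiences}")
    if root.get("Destination") != expected_acs_url:
        findings.append("Response Destination differs from the ACS URL")
    return findings

# Constructed sample (placeholder URLs, empty dummy signature); not real IdP output.
ACS = "https://sp.example.test/acs"
AUD = "https://sp.example.test/entity"
SIG = ('<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo>'
       '<ds:Reference URI="#_a1"/></ds:SignedInfo></ds:Signature>')

def sample(signature=SIG, tag="Assertion"):
    xml = (f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}" '
           f'Destination="{ACS}"><saml:{tag} ID="_a1">{signature}'
           '<saml:Conditions><saml:AudienceRestriction>'
           f'<saml:Audience>{AUD}</saml:Audience></saml:AudienceRestriction>'
           f'</saml:Conditions></saml:{tag}></samlp:Response>')
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    print(check_saml_response(sample(), AUD, ACS))
    print(check_saml_response(sample(signature=""), AUD, ACS))
```

This checks structure only; it does not verify the signature cryptographically against the X.509 certificate.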