Getting the Level Platforms (LPI) Managed Workplace SSO Module
Download the Level Platforms SSO Module from the Scorpion Software Download Site to your Managed Workplace server and unzip it.
AuthAnvil Single Sign On Configuration
- From the Managed Workplace Server, log into the AuthAnvil Manager and navigate to the Single Sign On tab.
- Click the Applications panel and click New Application.
- Click the Edit Attribute Maps button at the top of the page and verify that the following attribute is listed:
- Close the Attributes window.
- Configure the application settings to your Service Center URL:
- Enabled: Checked
- Display Name: Service Center
- Reply To URL: http(s)://ManagedWorkplaceServer/SC/ssoLogin.aspx
- Audience URI: http(s)://ManagedWorkplaceServer/SC/
- Protocol: IdP-Init
- Token Lifetime: 480 Minutes
- NOTE: If you are running SSO v3.5 or later, expand Advanced Protocol Settings and uncheck the Sign Assertion box.
- If you do not already have the AuthAnvil SSO certificate available, download the SSO Certificate by clicking Download Certificate in the Certificate Authority section. We will need this file for a later step.
- Click Save Changes.
- Add the AuthAnvil Two Factor Auth Manager application to the appropriate roles by clicking on a role, expanding the Accessible Applications tab and dragging the Two Factor Auth app from the right-hand side to the left-hand side.
Managed Workplace Configuration
- Navigate to the Managed Workplace Service Center installation directory, typically located at C:\Program Files (x86)\Level Platforms\Service Center\sc.
- Copy the following files to the SC installation directory (Level Platforms\Service Center\sc):
- the ssoLogin.aspx file from the SSO download package
- the certificate that you downloaded from the SSO server
- Copy the following files from the download packages bin directory to the SC bin directory (Level Platforms\Service Center\sc\bin):
- Run notepad (make sure to run it elevated if you are running Windows Server 2008 or later) and open Service Centers web.config file, typically located at C:\Program Files (x86)\Level Platforms\Service Center\sc\web.config.
- Immediately after the root <configuration> tag, add the following:
< identityProvider idpSigningCertificate="SSOSIGNINGCERTIFICATE" />
< serviceProvider persistSessionCookie="false" />
Where SSOSIGNINGCERTIFICATE is the full file name (e.g. "CN = Cert.cer") of the certificate that you downloaded from the SSO server and placed in the Service Center Directory.
- In the <configSections> tag, add the following line:
<section name="scorpionSoft.IdentityModel" type=ScorpionSoftware.AuthAnvil.SSO.ManagedWorkplaceSSO.Configuration.SamlConfigurationSection, ManagedWorkplaceSSO />
- Also in the root <configuration> tag, add the following <location> directive:
< allow users="*" />
- In the <modules> section of the <system.webServer> section, add the following to the bottom of the list of modules:
<add name="SSOLogOutInterceptModule" type="ScorpionSoftware.AuthAnvil.SSO.ManagedWorkplaceSSO.LogOutInterceptModule, ManagedWorkplaceSSO" preCondition="integratedMode" />
- In the <appSettings> tag, add the following setting, where https://yourauthanvilserver is the location of your AuthAnvil SSO server:
<add key="IdPUri" value="https://yourauthanvilserver/SSO/" />
- Save changes and close the file.
- Run an IISReset to make sure that the new configuration is loaded.
Once the installation is complete, you should test that everything is working as expected. This can be accomplished by logging into the SSO web site using a user that is configured for SSO to Managed Workplace and attempting to log on to Managed Workplaces Service Center.
- Log out of all existing Managed Workplace sessions.
- Log into the SSO Portal at http(s)://<yourauthanvilserver>/authanvil/sso using a user that is configured to use SSO for Managed Workplace.
- Click on the Managed Workplace icon, a new window will open and attempt to Single Sign On into Managed Workplaces Service Center.
- If the SSO login succeeds, you will be left at the Service Center dashboard. If the login fails, double-check your configuration against this guide.
If you have any questions or need some help, we would be happy to assist. Open a case at kaseya.zendesk.com .