Note: This configuration assumes you are able to launch the AuthAnvil Password Server from your SSO Portal. Follow these steps to configure AAPS with AuthAnvil Single Sign On.
Through a developer API in AuthAnvil Password Server we provide configuration for third-party password access. In AuthAnvil Single Sign On, we made use of this API to bring your RDP- and Web-enabled passwords from AAPS right into your AuthAnvil Single Sign On Portal.
The end result of this configuration is the ability to launch an RDP session or a forms-based website from AuthAnvil Single Sign On, and automatically log in to that resource using the credentials from AuthAnvil Password Server
Configuring SSO for Third-Party Password Access
AuthAnvil Single Sign On will only access passwords meeting all of these criteria:
- Password has RDP Connection Policy (Windows password type) or is Enabled for Web Launching (Web Password type)
- Your account in AAPS has Launch permissions to the vault containing the password
- If you have Requires Approval permissions, you most have received approval from an admin to access that password
Note: In order to automatically log into web content you must have a Web Workflow configured in the AuthAnvil Password Server. See the AuthAnvil Password Server Installation Guide for more information about Web Syncing and workflow configuration.
First you need to configure the secure connection between AuthAnvil Single Sign On and AuthAnvil Password Server. This is established using 2 certificates generated by AAPS.
- Log in to AuthAnvil Password Server as an Organization Administrator
- Click on the External Settings tab
- Under Third Party Certificates provide a name for your certificate in the Unique Identifier (i.e. SSO Certificate) and select AuthAnvil SSO Certificate from the dropdown
- Click Create Certificate to generate the SSO certificate
- From the list of certificates, click the name of the CN matching your SSO certificate and save it to your machine
- Download the Service Certificate by clicking Download Service Certificate and save this to the same location
Now that we have both certificates generated, we need to import them into the Password Server app inside AuthAnvil Single Sign On. This step assumes you have already configured the standard Password Server application as outlined above.
- Log in to the AuthAnvil Manager and click on the Single Sign On tab
- Expand the Applications panel and click on Password Server
- Expand the Password Server Configuration panel and upload the respective certificates:
Service Certificate requires the Service Certificate and the Client Credential requires the SSO Certificate (no PFX password is required)
- After uploading each certificate click Save Changes
Now that a secure connection has been created, log out and log back in to AuthAnvil Single Sign On. Any passwords that meet the Password Requirements above should now display in your AuthAnvil SSO portal as web launch icons. If the Workflow is configured correctly, clicking on a website icon should launch the page and automatically log you in.
If you have any questions or need some help, we would be happy to assist. Open a case at kaseya.zendesk.com .