Single Sign-on with Passly

Decommission Notice

There are two ways to authenticate with AuthAnvil (renamed Passly):

  • AuthAnvil Authenticator (called Legacy Authenticator in BMS)
  • Single Sign-on with Passly

AuthAnvil Authenticator was deprecated in November 2019 with the release of version 4.0.27. As of July 4, 2020, the current version is 4.0.34. AuthAnvil Authenticator is now scheduled for removal. All organizations must migrate to Passly Single Sign-on (SSO) by August 31, 2020. After this date, users will not be able to log in if your organization is using AuthAnvil Authenticator. See below for setup instructions for Single Sign-on with Passly.

mceclip0.png

Single Sign-on with Passly

This article covers how to configure BMS to authenticate users with Passly using SAML based Single Sign-On (SSO).

  1. Create Passly Group
  2. Add BMS to Passly
  3. Download Certificate
  4. Setup BMS SSO
  5. Enable SSO for Employees

Create Passly Group

You need to have a Passly user group to associate with the BMS SSO configuration.

  1. In Passly, navigate to Directory Manager > Groups.
  2. Click the '+' button to create a new group.
  3. Give a name to your group.
  4. Click the Add Group button.
  5. Add users to the group. 

Add BMS to Passly

  1. Navigate to SSO Manager.
  2. Click the '+' button followed by the book button.
  3. Search for 'Kaseya BMS' in the application catalog and select it. 
  4. Check Application is Enabled.
  5. Click Add Application.

mceclip6.png

Permissions

  1. Navigate to the Permissions tab.
  2. Click Add Group.
  3. Select the group you created previously.
  4. Click Add Groups.

Attribute Transformation

  1. Navigate to the Attribute Transformation tab.
  2. Remove the CompanyName attribute.
  3. Save your changes.
  4. Click Add Custom Attribute Map.
  5. Add back the CompanyName attribute, referencing your tenant name.
  6. Click Add Mapping.
  7. Save your changes. 

mceclip9.png

mceclip10.png

Protocol Setup

  1. Navigate to the Protocol Setup tab.
  2. For Assertion Consumer URL, change the base url to the base url of your BMS server. In the example below, the base url is na1bmspreview.kaseya.com.
  3. For Service Entity ID, change the base url to the base url of your BMS server. In the example below, the base url is na1bmspreview.kaseya.com.
  4. Save your changes.

mceclip11.png

Download Certificate 

  1. Navigate to the Signing and Encryption tab.
  2. Click Download.

mceclip14.png

Passly Application Assignment

  1. Navigate to Launchpad in the left menu.
  2. Right-click on the BMS application, and copy the link to a text pad.
  3. Click on the BMS application.
  4. Verify that you are redirected and logged in to BMS. 

mceclip17.png

Setup BMS SSO

  1. In BMS, navigate to Admin > My Company > Auth and Provision.
  2. On the Single Sign On tab, click Upload Certificate.
  3. Select the Passly certificate you previously downloaded.
  4. Set Enable Single Sign On via SAML to Yes.
  5. Paste the Passly login url you copied above into the SAML Login Endpoint URL field. This enables user authentication with Passly from the BMS login page.
  6. Click Save.

mceclip1.png

Enable SSO for Employees

  1. Navigate to HR > Employees.
  2. Select an employee.
  3. Under External Authentication Type, select SAML SSO.

mceclip0.png

 

 

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Contact us