Single Sign On – Foldr as the Identity Provider (IdP)
As of release v22.214.171.124, Foldr can act as a SAML SSO Identity Provider (IdP) or Service Provider (SP).
When acting as the IdP, once a user has authenticated initially with Foldr, they can then automatically sign into other third-party platforms such as Google G Suite or Office 365. Templates are available for commonly used SPs, and new SPs can be configured from scratch.
Once the IdP role has been enabled and configured, the Foldr administrator can enable each configured service to appear in the new ‘My Apps’ panel in the web interface, which provides convenient links to pre-configured SSO services as shown below. If the user clicks a Service Provider (e.g. ClickView), they will be signed in automatically to that web-based service.
Service Providers in the Web Interface
Enabling the Foldr IdP
You can enable the service from within Foldr Settings >> SSO >> Identity Provider.
IMPORTANT – The Foldr appliance must be able to authenticate with the directory before attempting to add service providers. Check within Foldr Settings >> General >> Test Settings that user accounts can authenticate and that the service account is configured as below.
To add a Service Provider (SP), first ensure you are browsing Foldr Settings via the URL that the service provider will be connecting to (i.e. do not browse using the internal IP address or internal DNS hostname), then click + Add New Service Provider.
Single Sign-On IdP Configuration Screen
Select the appropriate SP template as required or select NONE if you wish to configure a different third party SP that is not listed.
Once you have configured your new Service Provider, the administrator can present it to users by using the ‘Show in users' My Apps’ toggle within Foldr Settings >> SSO >> Add a Service >> Permissions tab.
Instructions for Office 365 & G Suite are available under the Tools tab when you are configuring either service.
Any other third-party service that supports SAML (SP) single sign-on can be added to the Foldr IdP and presented to users in the My Apps section of the web interface. Please ask the service provider for the required SAML configuration.