Foldr as a SAML Identity Provider (IdP)

With the release of server update v4.0.11.12, Foldr can act as a SAML v2 SSO Identity Provider (IdP) or Service Provider (SP).

When Foldr is configured as the IdP, a user who has signed into Foldr can automatically sign into third-party platforms and web services such as Google G Suite or Office 365 from a My Apps dashboard with a single click. If a user isn’t signed into Foldr and visits an integrated third-party web service (Office 365, for example), they enter their username and are redirected back to Foldr to authenticate via a dedicated SSO sign-in page.

Administrators can enhance the SSO user experience further for domain-bound PCs and Macs by enabling Kerberos-based SSO on the appliance along with the IdP component. With Kerberos SSO enabled, a domain-bound client is automatically signed into Foldr, and is therefore also automatically signed into Office 365 / Google G Suite etc.

Once the IdP role has been enabled and configured, the Foldr administrator can enable each configured service to appear in the new ‘My Apps’ panel in the web interface, providing convenient links to pre-configured services as shown below. If the user clicks a Service Provider icon (e.g. Office 365), they are signed in automatically to that web-based service. Admin templates are also available for commonly used services, and other services can be configured from scratch.

My Apps

Service Providers in the Web Interface

Enabling the Foldr IdP

You can enable the service from within Foldr Settings >> SSO >> Identity Provider.

IMPORTANT – The Foldr appliance must be able to authenticate with the directory before you attempt to add service providers. Check within Foldr Settings >> General >> Test Settings that user accounts can authenticate and that the service account is configured as below.

[Screenshot: service-account-success]

To add a Service Provider (SP), first ensure you are browsing Foldr Settings via the URL that the service provider will be connecting to (i.e. do not browse using the internal IP address or internal DNS hostname), then click + Add New Service Provider.

Single Sign-On IdP Configuration Screen

Select the appropriate SP template as required, or select NONE if you wish to configure a different third-party SP that is not listed.

Once you have configured your new Service Provider, the administrator can present it to users by using the ‘Show in users’ My Apps’ toggle within Foldr Settings >> SSO >> Add a Service >> Permissions tab.

Instructions for Office 365 & G Suite are available under the Tools tab when you are configuring either service.

Any other third-party service that supports SAML (SP) single sign-on can be added to the Foldr IdP and presented to users in the My Apps section of the web interface. Please ask the service provider for the required SAML configuration.

© Minnow IT. Registered in England and Wales with company number 07970411.
