Single Sign On – Foldr as the Identity Provider (IdP)

Posted on 4th January 2017

As of release v4.0.11.12, Foldr can act as a SAML SSO Identity Provider (IdP) or Service Provider (SP).

When acting as the IdP, once a user has initially authenticated with Foldr, they can automatically sign in to other third-party platforms such as Google G Suite or Office 365. Templates are available for commonly used SPs, and new SPs can be configured from scratch.

Once the IdP role has been enabled and configured, the Foldr administrator can enable each configured service to appear in the new ‘My Apps’ panel in the web interface, which provides convenient links to pre-configured SSO services as shown below. If the user clicks a Service Provider (e.g. ClickView), they will be signed in automatically to that web-based service.

My Apps


Service Providers in the Web Interface


Enabling the Foldr IdP

You can enable the service from within Foldr Settings >> SSO >> Identity Provider.
IMPORTANT – The Foldr appliance must be able to authenticate with the directory before you attempt to add service providers. Check within Foldr Settings >> General >> Test Settings that user accounts can authenticate and that the service account is configured as below.

To add a Service Provider (SP), first ensure you are browsing Foldr Settings via the URL that the service provider will be connecting to (i.e. do not browse using the internal IP address or internal DNS hostname), then click + Add New Service Provider.

Single Sign-On IdP Configuration Screen

Select the appropriate SP template as required, or select NONE if you wish to configure a different third-party SP that is not listed.
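
A check related to the instruction above about browsing via the URL the service provider will connect to, added here as an example that is not part of the original post or Foldr's own code: it scans an exported SAML IdP metadata document for endpoints that use an IP address, plain HTTP or a different hostname. The sample metadata, the name foldr.example.com, the endpoint paths and the premise that the metadata reflects the hostname used during configuration are all assumptions made for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

# Constructed sample (not Foldr output): public name on the entityID and SSO
# endpoint, but a logout endpoint generated from an internal IP over HTTP.
SAMPLE_METADATA = f"""<md:EntityDescriptor
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://foldr.example.com/idp">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleSignOnService Binding="{REDIRECT}"
        Location="https://foldr.example.com/idp/sso"/>
    <md:SingleLogoutService Binding="{REDIRECT}"
        Location="http://10.0.0.15/idp/slo"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
    except ValueError:
        return False
    return True

def check_idp_metadata(xml_text, public_host):
    """Return (field, url, problem) tuples for URLs a service provider cannot use."""
    root = ET.fromstring(xml_text)  # meant for a local admin export, not untrusted XML
    urls = [("entityID", root.get("entityID", ""))]
    urls += [(el.tag[len(MD):], el.get("Location"))
             for el in root.iter() if el.tag.startswith(MD) and el.get("Location")]
    findings = []
    for field, url in urls:
        parts = urlsplit(url)
        if parts.scheme not in ("http", "https"):
            continue  # an entityID may legitimately be a URN rather than a URL
        host = (parts.hostname or "").lower()
        if parts.scheme != "https":
            findings.append((field, url, "not https"))
        if is_ip_literal(host):
            findings.append((field, url, "IP address, not the public hostname"))
        elif host != public_host.lower():
            findings.append((field, url, "hostname differs from public hostname"))
    return findings

if __name__ == "__main__":
    print(*check_idp_metadata(SAMPLE_METADATA, "foldr.example.com"), sep="\n")
```

An empty result means every URL in the metadata uses HTTPS and the expected public hostname.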

 

Once you have configured your new Service Provider, the administrator can present it to users by using the ‘Show in users’ My Apps’ toggle within Foldr Settings >> SSO >> Add a Service >> Permissions tab.


Instructions for Office 365 & G Suite are available under the Tools tab when you are configuring either service.


Any other third-party service that supports SAML (SP) single sign-on can be added to the Foldr IdP and presented to users in the My Apps section of the web interface. Please ask the service provider for the required SAML configuration.

Need more help?

Get in touch with our friendly help desk, who will be happy to assist you: support@foldr.io