Summary
This document will guide you through the steps to enable multi-factor authentication and single sign-on for ScreenSteps (http://www.screensteps.com/).
System Requirements
- PhenixID Authentication Server 2.0 or higher
- ScreenSteps installed
- ScreenSteps administration rights
Instruction
Overview
This document will guide you through the steps to enable multi-factor authentication and single sign-on for ScreenSteps.
PhenixID Server acting as SAML IdP
1. Set up PhenixID Authentication Services as a SAML IdP using one of the Federation scenarios described here. (If the desired authentication method is not provided by a scenario, use the documentation for the SAML authenticator here)
2. Fetch the mail attribute for the user.
3. Use mail as Name ID attribute.
4. Go to Scenarios->Federation-> <newly_added_scenario> -> Identity Provider. Deselect “Require signed requests”. Save.
5. Then export your SAML IdP metadata by going to the URL:
   https://<YourServerDomainName>/saml/authenticate/<authenticator_alias>?getIDPMeta
   and download the metadata to an XML file.
6. Save the IdP Signing Certificate as a file (follow this instruction)
7. Fetch the SingleSignOnService -> Location value.
8. Fetch the SingleLogoutService -> Location value. [Optional]
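The values collected in the last steps above (signing certificate, SingleSignOnService Location, SingleLogoutService Location) can be read straight out of the exported metadata file. The following is an added example, not PhenixID or ScreenSteps code: the hostname, endpoint paths and certificate bytes in the sample are constructed placeholders, and it assumes the metadata advertises the "Require signed requests" setting through the standard WantAuthnRequestsSigned attribute.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "ds": "http://www.w3.org/2000/09/xmldsig#"}
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

# Constructed sample metadata: hostname, paths and "certificate" bytes are placeholders.
FAKE_CERT_B64 = base64.b64encode(b"constructed placeholder").decode()
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="https://idp.example.test/idp">
  <md:IDPSSODescriptor WantAuthnRequestsSigned="false"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>
      {FAKE_CERT_B64}</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleLogoutService Binding="{REDIRECT}" Location="https://idp.example.test/slo"/>
    <md:SingleSignOnService Binding="{REDIRECT}" Location="https://idp.example.test/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def _location(idp, tag):
    """Location of the HTTP-Redirect endpoint for `tag`, else the first listed, else None."""
    endpoints = idp.findall(f"md:{tag}", NS)
    preferred = [e for e in endpoints if e.get("Binding") == REDIRECT] or endpoints
    return preferred[0].get("Location") if preferred else None

def extract_idp_values(metadata_xml):
    """Return the values the ScreenSteps form asks for, plus two checks worth recording."""
    idp = ET.fromstring(metadata_xml).find(".//md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("metadata has no IDPSSODescriptor")
    # A KeyDescriptor without 'use' serves signing and encryption; skip encryption-only keys.
    certs = [k.findtext(".//ds:X509Certificate", namespaces=NS)
             for k in idp.findall("md:KeyDescriptor", NS) if k.get("use") in (None, "signing")]
    if not certs or not certs[0]:
        raise ValueError("metadata has no signing certificate")
    b64 = "".join(certs[0].split())
    pem_body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return {
        "remote_login_url": _location(idp, "SingleSignOnService"),
        "logout_url": _location(idp, "SingleLogoutService"),
        "certificate_pem": f"-----BEGIN CERTIFICATE-----\n{pem_body}\n-----END CERTIFICATE-----\n",
        "sha256_fingerprint": hashlib.sha256(base64.b64decode(b64, validate=True)).hexdigest(),
        # Assumption: this attribute mirrors the "Require signed requests" setting.
        "requires_signed_requests": idp.get("WantAuthnRequestsSigned", "false") in ("true", "1"),
    }

if __name__ == "__main__":
    print(extract_idp_values(SAMPLE_METADATA))
```

Recording the SHA-256 fingerprint alongside the certificate lets you confirm later that the certificate pasted into ScreenSteps is the one the IdP published.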
Configure ScreenSteps
- Configure ScreenSteps by following this guide. Use the values from the previous section to populate the ScreenSteps form:
– Remote Login URL -> Step 7 above
– Log out URL -> Step 8 above [Optional]
– X.509 Certificate -> Step 6 above.
- Save the ScreenSteps SAML SP metadata, created in ScreenSteps guide step 3, to a file.
Add trust to ScreenSteps on PhenixID Authentication Services
- Log in to Configuration Manager
- Open Scenarios->Federation->SAML Metadata upload
- Click the plus sign
- Add the ScreenSteps SAML SP metadata by uploading the ScreenSteps SAML SP metadata file.
Test
- Browse to your ScreenSteps site
- Click Login
- This should result in a redirect to PhenixID Authentication Server
- Authenticate
- If authentication was successful, a redirect to ScreenSteps should occur (with SAML assertion)
- The user should now be logged in.
DISCLAIMER
Information provided in this document is for your information only. PhenixID makes no explicit or implied claims to the validity of this information. Any trademarks referenced in this document are the property of their respective owners. The origin of this information may be internal or external to PhenixID. PhenixID makes all reasonable efforts to verify this information.
PhenixID - support.phenixid.se