Single Sign-On is the authentication scheme for npc and all supported data sources. Once they are authenticated to npc, users can navigate the console and registered data sources without signing in again.
Single Sign-On is the
NetOps Portalcomponent that supports Single Sign-On (SSO). It is the authentication scheme for
NetOps Portaland all supported data sources. After the data sources are authenticated to
NetOps Portal, users can navigate the console and registered data sources without having to sign in again.
Enabling the navigation of multiple product interfaces ensures a seamless drilldown experience for operators analyzing performance and status data. For example, if a user logs in to
NetOps Portaland follows a drilldown path to the data source interface, that user does not log in again.
NetOps Portaluses a distributed architecture. When you install a data source or
NetOps Portalon a server, the Single Sign-On website is also automatically installed. The distributed architecture lets users log in to data source products by logging in to the servers where these products are running.
In this article:
Authentication and Security
Single Sign-On provides authentication services to
NetOps Portaland supported data sources. It also supports external authentication schemes, such as Lightweight Directory Access Protocol (LDAP) and Security Assertion Markup Language (SAML) 2.0. This support lets you integrate
NetOps Portaland other applications into the same authentication scheme, enterprise-wide.
When a user is required to enter a username and password, Single Sign-On security auditing logs information about who is logging in, and at what time of day. On Linux servers, Single Sign-On saves this log in the
Single Sign-On loginpage supports user authentication in
NetOps Portaland in the data source products. Single Sign-On supports the following authentication methods:
- Product authentication, which is based on user accounts
- SAML 2.0
NetOps PortalAdministrator can modify settings for an individual instance of Single Sign-On. For example, you can set up LDAP authentication in Single Sign-On. You can also configure optional encryption with Secure Sockets Layer (SSL) or change the default virtual directory.
As a result of the distributed architecture, any updates to the Single Sign-On website affect only those data source products that are running on the same server.
Supported Data Sources
Single Sign-On supports the following data sources:
- Data aggregator
- Network Flow Analysis
- CA Application Delivery Analysis
- CA Unified Communications Monitor
The Single Sign-On Configuration Tool
The Single Sign-On (SSO) Configuration tool (SSOConfig) is a command-line utility that Administrators can use to adjust the settings for the Single Sign-On website and the associated data source. This tool runs on Linux systems, but you can also deploy it on the Windows servers where data sources are installed.
On Linux, the configuration tool is installed in the
directory. You can send configuration instructions to data sources that are running on Windows by entering the
1. Remote Valueoption when prompted by the configuration tool.
On Windows servers where data sources are installed, the configuration tool is installed in the
directory. On Windows servers where data sources are installed, log in as an Administrator on that server.
You can perform the following tasks using this tool:
- Enable LDAP authentication.For more information, see Enable LDAP Authentication.
- Validate the current LDAP settings.For more information, see Validate LDAP Settings.
- Update the virtual directory for the Single Sign-On website that each data source references.If you added an encryption scheme or if you updated the virtual directory for the Single Sign-On website, you can synchronize the data sources using this tool. For example, data sources on the modified server need instructions on where to redirect users who do not successfully authenticate.For more information, see Configure the Single Sign-On Security Settings.
- Configure theNetOps Portalsecurity settings, such as enabling Single Sign-On spoofing protection.For more information, see Configure the DX NetOps Security Settings Using the SSO Configuration Tool.
- Enable FIPS-compliant encryption and hashing algorithms (where applicable).You can configureDX NetOps Performance Managementto use FIPS-compliant encryption and hashing algorithms using the configuration tool.For more information, see Enable FIPS-Compliant Encryption.
- Add custom HTTP headers.For enhanced security, you can configureNetOps Portalto meet you desired level of security by adding custom HTTP headers. You add HTTP headers using the SSO Configuration tool.For more information, see Add Custom HTTP Headers.