AuthAnvil Single Sign On Configuration
- Log into the AuthAnvil Manager and navigate to the Single Sign On tab.
- Click the Applications panel and click Password Server.
- Configure the application settings as follows:
  - Enabled: Checked
  - Display Name: Password Server
  - Reply To URL: http(s)://<yourAAPSserver.com>/aaps/ssologin.aspx
  - Audience URI: uri:authanvil:passwordserver
  - Protocol: SP-Init Redirect
  - Token Lifetime: 480 Minutes
- If you do not already have the AuthAnvil SSO certificate available, download the SSO Certificate by clicking Download Certificate in the Certificate Authority section. We will need this file for a later step.
- Click Save Changes.
- Add the AuthAnvil Password Server application to the appropriate roles by clicking on a role, expanding the Accessible Applications tab and dragging the Password Server app from “Available Applications” down to “Applications Accessible by Role”.
AuthAnvil Password Server Single Sign On Configuration
- If you are not still logged in from previous steps, log into your AuthAnvil Password Server.
- Click the Settings tab, then the AuthAnvil Two Factor Auth Settings panel.
- Click the Single Sign-On Settings button to open the SSO configuration panel.
- Check the Enable Single Sign On box to enable SSO.
- Fill in the following information for your AuthAnvil SSO server:
  - Issuer: http(s)://<your2FAserver.com>/AuthAnvil/SSO/Trust/site1 (This is the Token Issuer Name; copy it from AuthAnvil Manager > Single Sign On > Server Settings tab.)
  - Identity Provider Login URL: http(s)://<your2FAserver.com>/SSO/logon.aspx
  - Identity Provider Logout URL: http(s)://<your2FAserver.com>/SSO/authorizedapps.aspx
- Click “Import New SSO Certificate” and upload the certificate downloaded in Step #4 of the AuthAnvil Single Sign On Configuration above. Once the certificate is selected, click Import Certificate. This certificate must be an exact match to the current SSO certificate.
- After importing the certificate, click Save Changes at the bottom of the page.
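The "exact match" requirement on the imported certificate can be checked before upload by comparing SHA-256 fingerprints of the downloaded file and the certificate the SSO server currently uses. The script below is an added example, not part of AuthAnvil or of the original guide; the file names on the command line are assumptions, and the embedded sample bytes are constructed stand-ins rather than a real certificate.

```python
import base64
import hashlib
import hmac
import re
import sys

PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def cert_der(data: bytes) -> bytes:
    """Return the DER bytes of the first certificate in `data` (PEM or DER)."""
    match = PEM_RE.search(data)
    if match:
        # Strip line breaks (LF or CRLF) before decoding the Base64 body.
        return base64.b64decode(b"".join(match.group(1).split()), validate=True)
    if not data.startswith(b"\x30"):  # DER certificates start with a SEQUENCE tag
        raise ValueError("input is neither a PEM nor a DER certificate")
    return data

def fingerprint(data: bytes) -> str:
    """SHA-256 over the DER encoding, so PEM and DER copies hash the same."""
    return hashlib.sha256(cert_der(data)).hexdigest()

def same_certificate(a: bytes, b: bytes) -> bool:
    return hmac.compare_digest(fingerprint(a), fingerprint(b))

# Constructed stand-in bytes, not a real certificate: the functions only
# decode and hash, they do not parse X.509 fields.
SAMPLE_DER = b"\x30\x0a" + bytes(range(10))
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\r\n"
              + base64.encodebytes(SAMPLE_DER).replace(b"\n", b"\r\n")
              + b"-----END CERTIFICATE-----\r\n")
OTHER_DER = b"\x30\x0a" + bytes(range(1, 11))

if __name__ == "__main__":
    # Usage (file names are assumptions):
    #   python compare_certs.py downloaded.cer current.cer
    if len(sys.argv) == 3:
        blobs = [open(p, "rb").read() for p in sys.argv[1:3]]
    else:
        blobs = [SAMPLE_DER, SAMPLE_PEM]
    for blob in blobs:
        print(fingerprint(blob))
    print("MATCH" if same_certificate(*blobs) else "MISMATCH: do not import")
```

Because the hash is taken over the decoded DER bytes, a Base64 (PEM) export and a binary (DER) export of the same certificate compare as equal, while a renewed or regenerated certificate does not.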
Once the installation is complete, you should test that everything is working as expected.
- Log out of all existing AuthAnvil Password Server sessions before logging in.
- Log into the SSO Portal at http(s)://2FAserver/SSO with a user that is enabled for SSO and is a member of a role that has access to the Password Server application.
- After logging in to SSO, click on the Password Server tile to log in.
- If the SSO login succeeds, you will be left at the AuthAnvil Password Server dashboard. If the login fails, double-check your configuration against this guide.