Problem

You want to integrate eLumen with PortalGuard for Single Sign-On and/or Two-Factor Authentication.

1. Remote into the PortalGuard server and shut down the Identity Provider Configuration Editor.
2. Download the template file attached to this KB article and place it on your PortalGuard server in the following directory:
   • Program Files\PistolStar\PortalGuard\Policies
3. Open the Identity Provider Configuration Editor.
4. Click on the SAML Websites tab.
5. Verify the eLumen configuration now exists.

Modify the Relying Party Template

1. From within the Identity Provider Configuration Editor, edit the new configuration file verified in the previous section.
   • You may either double click the entry, or select the entry and then click the 'Edit' button. 
2. Navigate to the Identity Claims tab and validate that each claim is pulling the appropriate information.
   • For LDAP environments, each claim will be configured to pull a certain field value for the user.
   • For SQL environments, an SQL Query will be utilized with an expected return of the intended value. 
   • In either case, a 'Static' value may be utilized as well. 
3. On the General tab, ensure the 'Service Ids / URLs' section is configured correctly for your environment.
   • Important Note: The 'Service ID/URL' for most CAS applications would be the root of the app.  However, if the template includes a longer string, simply update the root and/or port present to match your environment. 
4. Navigate to the SSO Jump Page tab.  Modify the 'Display Text', 'Help Text', 'Display Image', and 'Default Access URL' values according to the requirements for your environment.
   • 'Display Text': The label for the Tile on the PortalGuard SSO Jump Page.
   • 'Help Text': Context information that appears if the user hovers over the tile but does not click it. 
   • 'Display Image': Thumbnail to utilize for the tile on the PortalGuard SSO Jump Page. 
   • 'Default Access URL': This should be the URL on the CAS Application that initiates CAS SSO.
   • 'Hide on SSO Jump Page': Select this box if you want to hide the tile on the SSO Jump Page (e.g. users should navigate to this website directly).
5. Navigate to the Authorization tab and ensure the scope for this application matches the requirements for your environment. 
   • Important Note: If the 'Authorized Users' box is empty, that means all users will be able to see/utilize this SSO Integration.  Otherwise, only the users/groups/OUs present will be able to see/utilize this SSO Integration. 
6. Click on the 'Save' button to commit your changes. 

Configure eLumen to Use PortalGuard for SSO

IMPORTANT NOTE: The following steps are intentionally vague.  Each application will require different configuration steps and these steps may change over time as the application grows and develops.  If you experience a vastly different experience from what is below, please contact technical support via techsupport@portalguard.com to have this article updated.  We recommend always confirming with configuration documentation specific to eLumen as well, to ensure no unwarranted mistakes are made. 

1. Login to the Administrative side of eLumen. 
2. Navigate to the SSO Settings.
3. Point eLumen to the base URL for PortalGuard:
   • https://YOUR.PG.URL
     • Typically, the CAS Configuration will automatically append the '/cas' URL structure, but be sure to add that if it is not defined.  

REV. 03/2019 | PortalGuard