Configure eLumen for SSO
Problem
You want to integrate eLumen with PortalGuard for Single Sign-On and/or Two-Factor Authentication.
Solution
Use our generic SSO template and follow the steps below to set up the SSO integration for eLumen.
Quick Navigation
Requirements
- Complete the PortalGuard SSO Pre-Requisites:
- Complete the CAS SSO Pre-Requisites
Install the Relying Party Template
- Remote into the PortalGuard server and shut down the Identity Provider Configuration Editor.
- Download the template file attached to this KB article and place it on your PortalGuard server in the following directory:
- Program Files\PistolStar\PortalGuard\Policies
- Open the Identity Provider Configuration Editor.
- Click on the SAML Websites tab.
- Verify the eLumen configuration now exists.
Modify the Relying Party Template
- From within the Identity Provider Configuration Editor, edit the new configuration file verified in the previous section.
- You may either double click the entry, or select the entry and then click the 'Edit' button.
- Navigate to the Identity Claims tab and validate that each claim is pulling the appropriate information.
- For LDAP environments, each claim will be configured to pull a certain field value for the user.
- For SQL environments, an SQL Query will be utilized with an expected return of the intended value.
- In either case, a 'Static' value may be utilized as well.
- On the General tab, ensure the 'Service Ids / URLs' section is configured correctly for your environment.
- Important Note: The 'Service ID/URL' for most CAS applications would be the root of the app. However, if the template includes a longer string, simply update the root and/or port present to match your environment.
- Navigate to the SSO Jump Page tab. Modify the 'Display Text', 'Help Text', 'Display Image', and 'Default Access URL' values according to the requirements for your environment.
- 'Display Text': The label for the Tile on the PortalGuard SSO Jump Page.
- 'Help Text': Context information that appears if the user hovers over the tile but does not click it.
- 'Display Image': Thumbnail to utilize for the tile on the PortalGuard SSO Jump Page.
- 'Default Access URL': This should be the URL on the CAS Application that initiates CAS SSO.
- 'Hide on SSO Jump Page': Select this box if you want to hide the tile on the SSO Jump Page (e.g. users should navigate to this website directly).
- Navigate to the Authorization tab and ensure the scope for this application matches the requirements for your environment.
- Important Note: If the 'Authorized Users' box is empty, that means all users will be able to see/utilize this SSO Integration. Otherwise, only the users/groups/OUs present will be able to see/utilize this SSO Integration.
- Click on the 'Save' button to commit your changes.
Configure eLumen to Use PortalGuard for SSO
IMPORTANT NOTE: The following steps are intentionally vague. Each application will require different configuration steps and these steps may change over time as the application grows and develops. If you experience a vastly different experience from what is below, please contact technical support via techsupport@portalguard.com to have this article updated. We recommend always confirming with configuration documentation specific to eLumen as well, to ensure no unwarranted mistakes are made.
- Login to the Administrative side of eLumen.
- Navigate to the SSO Settings.
- Point eLumen to the base URL for PortalGuard:
- https://YOUR.PG.URL
- Typically, the CAS Configuration will automatically append the '/cas' URL structure, but be sure to add that if it is not defined.
REV. 03/2019 | PortalGuard