/
Configuring 3rd Party IdP
Document toolboxDocument toolbox

Configuring 3rd Party IdP

Owned by Shirly Tsang
Last updated: Sept 22, 2024 by Alex Mandel

The 3rd Party IDP page allows you to configure 3rd party IdP (identity provider) authentication for users with an email domain that matches the selected domain name. You can use the same IdP configuration to authenticate users from multiple domains, as long as the domains match the federated configuration. For more information, see Configuring IdP Authentication. The SSO Portal currently supports SAML2.0 standard complaint IdP providers, including Okta, Azure AD, and ForgeRock.

Important Note

Information about configuring SAML federation described in this topic is relevant only to Infoblox Platform services configurable through the Infoblox Portal. This information is not applicable to NIOS or the NIOS Grid. For information about how to authenticate admins using SAML in NIOS, see Authenticating Admins through SAML for NIOS 8.5 and /wiki/spaces/nios84/pages/44964771.

Note

If MFA (multi-factor authentication) is already activated for the selected domain, you cannot activate the 3rd party IdP until you have deactivated MFA for that domain.

To configure 3rd party IdP settings, complete the following:

  1. Configuring IdP Authentication
  2. Generate audience keys
  3. Create a SAML 2.0 Application for OKTA
    or
    Create a SAML 2.0 Application for Azure AD
    or
    Create SAML 2.0 Federation for ForgeRock
  4. Map IdP user groups to Infoblox Portal user groups
  5. Test 3rd party IdP authentication
  6. Activate 3rd party IdP authentication

You can also perform the following after you set up 3rd party IdP authentication: