
Prerequisites for Configuring Access Authentication

Consider the following before you configure and enable access authentication:

  • Enabling the access authentication service might affect the existing DNS service. Contact Infoblox Technical Support for assistance in enabling the access authentication service. Once the service is enabled, all users will be redirected to the Access Authentication page for authentication before any DNS resolution can happen. Depending on what service is being synced, the administrator must have sufficient privileges to read Active Directory data.
  • The access authentication service is available on virtual hosts and Infoblox Platform Endpoint only. The service is not supported on NIOS and physical B1-105 appliances.
  • Using Mozilla Firefox with IPv6 might cause connection issues when configuring access authentication. To fix the problem, disable IPv6 in Firefox.
  • Smart Redirect does not work when infoblox.com is included in the Internal Domains List.

Before you configure an authentication profile, ensure that you have successfully integrated an application with the selected third-party IdP using the protocol of your choice. The following are prerequisites for configuring access authentication: 

  • You must successfully create an application for the authentication protocol in the respective third-party IdP that you plan to integrate with Infoblox Platform. For information about how to set up applications for different IdPs, refer to the respective vendor documentation.
  • Ensure that you have properly configured group and claim attributes for the respective application in the IdP. For SAML, the SAML 2.0 Assertion must contain the "groups" attribute. For OpenID Connect, the ID Token must contain the "groups" claim. You can also use an optional claim that matches the ".*email" regex to display the username in the security reports.
  • Copy all the Service Provider details from the Create Authentication Profile dialog of the Infoblox Portal. From the Infoblox Portal, click Configure > Administration > Access Authentication > Add Configuration. Depending on the protocol you have chosen, copy the Entity ID and Assertion Consumer Service URL for SAML, or the Login Redirect URI for OpenID Connect. You can also download the metadata file for SAML to get all the required information. You need this information to create an application in the IdP.
  • From the IdP application, obtain the identity provider details, so you can enter the information to successfully create an authentication profile in Infoblox Platform. For SAML, obtain the Issuer, SSO URL, and Signing Certificate from the SAML application of your IdP. You can also use the metadata URL to get all the information in the XML file. For OpenID Connect, obtain the Client ID, Client Secret, and Issuer information from the OpenID Connect application.
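As an added example (not Infoblox's code), the following pre-flight check inspects what the IdP actually returns before an authentication profile is created: it confirms that a SAML 2.0 Assertion carries the "groups" attribute and that an OpenID Connect ID Token carries a "groups" claim plus a claim name matching the ".*email" regex. The sample assertion and token are constructed inline; the regex is applied as a full match, which is an assumption about how the portal evaluates it.

```python
import base64
import json
import re
import xml.etree.ElementTree as ET
from typing import List, Optional

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
# Full match assumed, so a boolean such as "email_verified" is not mistaken for a username claim.
EMAIL_CLAIM_RE = re.compile(r".*email")

# Constructed sample assertion (not a real IdP response) carrying the required "groups" attribute.
SAMPLE_SAML_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Version="2.0" ID="_demo">
  <saml:AttributeStatement>
    <saml:Attribute Name="groups">
      <saml:AttributeValue>dns-admins</saml:AttributeValue>
      <saml:AttributeValue>dns-readers</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

def _b64url(obj: dict) -> str:
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).decode().rstrip("=")

# Constructed sample ID token: header.payload.placeholder-signature (no real key involved).
SAMPLE_ID_TOKEN = ".".join([
    _b64url({"alg": "RS256", "typ": "JWT"}),
    _b64url({"sub": "u-1", "groups": ["dns-admins"], "email": "alice@example.com", "email_verified": True}),
    "signature-placeholder",
])

def saml_assertion_groups(assertion_xml: str) -> Optional[List[str]]:
    """Return the values of the "groups" attribute, or None when the assertion lacks it."""
    root = ET.fromstring(assertion_xml)  # constructed input here; use a hardened XML parser for live IdP traffic
    for attr in root.iter(f"{{{SAML_NS}}}Attribute"):
        if attr.get("Name") == "groups":
            return [v.text or "" for v in attr.iter(f"{{{SAML_NS}}}AttributeValue")]
    return None

def id_token_claims(id_token: str) -> dict:
    """Decode the JWT payload segment. Layout inspection only: signature verification stays with the relying party."""
    payload = id_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def check_oidc_claims(claims: dict) -> dict:
    """Report whether "groups" is a non-empty list and which claim names match the ".*email" regex."""
    groups = claims.get("groups")
    return {
        "groups_present": isinstance(groups, list) and len(groups) > 0,
        "email_claims": sorted(k for k in claims if EMAIL_CLAIM_RE.fullmatch(k)),
    }
```

Run both checks against a real test login from the IdP before copying its Issuer, SSO URL, and certificate (or Client ID, Client Secret, and Issuer) into the authentication profile; a missing "groups" attribute or claim is the most common reason group mapping later fails.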

See the following for a list of required parameters for each supported third-party IdP and protocol: