
Endpoint SSO Authentication

Infoblox Endpoint SSO authentication allows users to log in to the Infoblox Portal by using Single Sign-On (SSO). This grants or blocks access to sites according to a security policy defined for the username and user group associated with the authentication profile.

Applying Infoblox Endpoint SSO authentication involves the following steps:

  1. In the Infoblox Portal, configure the authentication settings for a user profile. For information on creating an authentication profile for use with SSO, see Configuring Authentication Profiles.

NOTE

SERVICE PROVIDER DETAILS: The service provider details mentioned on the Configuring Authentication Profiles page apply only to the Access Authentication service running on DNS Forwarding Proxy and do not apply to Infoblox Endpoint SSO authentication. To get the SERVICE PROVIDER DETAILS for Infoblox Endpoint SSO authentication, refer to Step 2, below.

  2. In the Authentication Settings panel, select SAML SERVICE PROVIDER from the drop-down list (Endpoint Group > Authentication Settings > Select the Authentication Profile).
  3. After selecting the authentication profile, the SAML SERVICE PROVIDER DETAILS will appear. Copy the URLs in this section and add them to the SERVICE PROVIDER DETAILS in the IdP.

Image: The Authentication Settings and SAML Service Provider Details panels

  4. Synchronize the user groups from the IdP, then configure and create a security policy using the User Groups synchronized from the IdP. For information, see Synchronizing User Groups.
  5. Add the User Groups as the Network Scope in the security policy. Make sure that this security policy has higher precedence than the policy to which the Endpoint Group has been added. For information, see Configuring Security Policies.
  6. Complete the Infoblox Endpoint sign-in and sign-out process described below.

Infoblox Endpoint Sign-in and Sign-out Process

To access and finalize the authentication process, do the following:

  1. Click the Infoblox Endpoint icon > SSO Sign In. Your browser should open a web page with an identity provider (IdP) requesting your account credentials.
  2. After submitting credentials, the browser should redirect you to the page with the following message: Hello, <user>! You can close this page.
  3. Upon successful login, the SSO Sign In button will change to SSO Sign Out.

To log out, do the following:

  1. Click the Infoblox Endpoint icon > SSO Sign Out.
  2. On the greeting page that opens after a successful sign-in, click the Log Out button in the browser window to log out of the system.
  3. Authentication expires automatically when the Session TTL period elapses.

Enabling Seamless SSO

Seamless SSO is supported for Azure AD OpenID Connect on Windows machines. To enable seamless SSO, the configured application must be granted access to the User Read API. In addition, admin consent on behalf of all users must be provided in the Azure Portal. To grant admin consent, navigate to API Permissions > Locate User.Read.All Permission > Check > Grant Admin Consent.