
Authenticating Users Using SAML

NetMRI uses SAML (Security Assertion Markup Language) 2.0 authentication for Single Sign-On. SAML provides a standard, vendor-independent grammar and protocol for transferring information about a user from one web server to another, independent of the servers' DNS domains. Enabling SAML delegates user management to an external application, relieving IT administrators of the complexity of maintaining user accounts in every application (also known as Service Providers, or SPs) used by the organization. Instead, IT administrators maintain one account in the Identity Provider (IDP) that can be used across Service Providers. The IDP is the application server that maintains the user accounts of the entire organization, so IT administrators can manage users' access rights in one place. Your organization's users can log in to the IDP directly and, once logged in, they are transferred to NetMRI as the Service Provider without being prompted for a user ID and password.

NetMRI supports the following Identity Providers:

  • Azure SSO

  • Okta

  • Ping Identity

  • Shibboleth SSO

  • Others

If the SAML authentication service is configured for your organization, the NetMRI login form displays the corresponding button under Authenticate via SSO. Clicking the button redirects you to the Identity Provider authentication page. After you authenticate successfully on the Identity Provider side, you are automatically returned to NetMRI. The NetMRI SAML service also supports Just-in-Time (JIT) Provisioning and Single Log Out (SLO).

When the SAML service is activated, NetMRI still provides its standard login methods. If SAML authentication is disrupted, use the standard login methods instead.

The NetMRI SAML service supports only the SP-initiated authentication flow.
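
What an SP-initiated-only flow looks like on the wire, as an added example that is not NetMRI code: a Service Provider issues an AuthnRequest with a fresh ID and later accepts only a Response whose `InResponseTo` matches an ID it issued, so unsolicited (IdP-initiated) or replayed responses are refused. The endpoint URLs, the function names, and the choice of the HTTP-Redirect binding are assumptions made for illustration.

```python
import base64
import uuid
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import urlencode

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
# Hypothetical endpoints, constructed for this example.
IDP_SSO_URL = "https://idp.example.com/sso"
SP_ENTITY_ID = "https://sp.example.com/saml/metadata"
SP_ACS_URL = "https://sp.example.com/saml/acs"

def build_login_redirect(pending, issue_instant):
    """Create an AuthnRequest, remember its ID, return (ID, IdP redirect URL)."""
    request_id = "_" + uuid.uuid4().hex
    xml = (
        f'<samlp:AuthnRequest xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" '
        f'ID="{request_id}" Version="2.0" IssueInstant="{issue_instant}" '
        f'Destination="{IDP_SSO_URL}" AssertionConsumerServiceURL="{SP_ACS_URL}">'
        f'<saml:Issuer>{SP_ENTITY_ID}</saml:Issuer></samlp:AuthnRequest>'
    )
    # HTTP-Redirect binding: raw DEFLATE, then base64, then URL-encode.
    comp = zlib.compressobj(wbits=-15)
    deflated = comp.compress(xml.encode()) + comp.flush()
    pending.add(request_id)
    query = urlencode({"SAMLRequest": base64.b64encode(deflated).decode()})
    return request_id, f"{IDP_SSO_URL}?{query}"

def accept_response(pending, response_xml):
    """Accept only a Response that answers a request this SP issued, once."""
    # Signature validation and hardened XML parsing must also be done in a
    # real SP; they are outside the scope of this example.
    root = ET.fromstring(response_xml)
    if root.tag != f"{{{SAMLP}}}Response":
        return False
    in_response_to = root.get("InResponseTo")
    if in_response_to is None or in_response_to not in pending:
        return False  # unsolicited (IdP-initiated) or replayed response
    pending.discard(in_response_to)
    return True

if __name__ == "__main__":
    pending = set()
    rid, url = build_login_redirect(pending, "2024-01-01T00:00:00Z")
    # Constructed sample responses: one unsolicited, one answering our request.
    unsolicited = f'<samlp:Response xmlns:samlp="{SAMLP}" ID="_r1" Version="2.0"/>'
    answer = f'<samlp:Response xmlns:samlp="{SAMLP}" ID="_r2" Version="2.0" InResponseTo="{rid}"/>'
    print(accept_response(pending, unsolicited), accept_response(pending, answer))
```
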