Automox SAML Single Sign-On (SSO) integration

This topic describes how to configure Automox for SAML SSO in CyberArk Identity.

Automox SSO supported features

This application template supports the following features:

  • IdP-initiated SSO

  • SP-initiated SSO

  • Just-in-time (JIT) provisioning

Prerequisites for Automox SSO

Before you configure Automox for SSO, make sure you have an account in Automox with administrator access.

Configure the Automox application template in the Identity Administration portal

Perform these steps in the Identity Administration portal to configure the Automox application template for SSO.

Step 1: Add the Automox web application template.

  1. In the Identity Administration portal, select Apps & Widgets > Web Apps, then click Add Web Apps.

    Add a web app screen

  2. On the Search page, enter the application name in the Search field and click the search button.

  3. Next to the application name, click Add.

  4. On the Add Web App page, click Yes to confirm.

  5. Click Close to exit the Application Catalog.

    The application opens to the Settings page.

Step 2: Configure the Trust page.

  1. Click Trust to go to the Trust page.
  2. In the Identity Provider Configuration section, select Manual Configuration. Copy and save the Identity Provider URL, Identity Provider Login Page, and Loogout Landing Page. You will need this information when you configure Automox.

  3. Download the Signing Certificate for later use.

  4. In the Service Provider Configuration section, select Manual Configuration, then review the following pre-configured SAML settings and click Save after you finish.

    Setting Description

    SP Entity ID

    Copy this value from the Automox Entity ID field in Automox. For example:

    https://console.automox.com/saml/metadata

    Assertion Consumer Service (ACS) URL

    Copy this URL from the Automox ACS URL field in Automox. For example:

    https://console.automox.com/saml/acs?o=<company ID>

Step 3: Configure the SAML Response page.

  1. Verify the following attributes with the Automox attribute name in the Attribute Name column and the CyberArk attribute in the Attribute Value column.

    Attributes are case-sensitive.

    Attribute Name Attribute Value
    firstName user.firstName
    lastName user.lastName

  2. Map any other attributes that you want to pass in the SAML response, then click Save.

Step 4: Configure the Permissions page to grant Automox users SSO access.

Grant SSO access to Automox by assigning permissions to users, groups, or roles.

  1. On the Permissions page, click Add.

  2. Select the user(s), group(s), or role(s) that you want to grant permissions to, then click Add.

    The added object appears on the Permissions page with View, Run, and Automatically Deploy permissions selected by default.

  3. Select the permissions you want and click Save.

    Default permissions automatically deploy the application to the User Portal if the Show in user app list option is selected on the Settings page. Do not select this option if you intend to use only SP-initiated SSO.

    Change the permissions if you want to add additional control or if you prefer not to automatically deploy the application.

Step 5: Review and save.

Review your settings to confirm your configuration. For example, you might want to verify that you selected the appropriate users, groups, or roles on the Permissions page. Click Save when you are satisfied.

Configure Automox for SAML single sign-on

Perform these steps in Automox to configure the Automox app template for SSO.

  1. Sign in to the Automox application with your administrator credentials.

  2. Go to Settings > Security.

  3. Under SAML, click Enable.

  4.  On the Configure SAML page, select Enable SAML for users of this zone.

  5. Perform the following actions.

    Field

    Action

    Automox ACS URL

    Automox Entity ID

    Copy these values. You need them for the Service Provider configuration in CyberArk Identity.
    Entity ID

    Paste the Identity Provider Entity ID/Issuer you copied from the Trust page, Identity Provider configuration.
    Login URL

    Enter the Single Sign On URL that you copied from the Trust page, Identity Provider configuration.
    Logout URL (Optional)

    Enter the Single Logout URL that you copied from the Trust page, Identity Provider configuration.
    x509

    Paste the certificate that you downloaded from the Identity Administration portal.

    (Optional) Provision New Users

    Select this option to enable just-in-time provisioning. A new account is created when users who are authorized to use Automox SSO attempt to log in.

  6. 5. Click Save Configuration.

Test the Automox SSO configuration

Now that you have finished configuring the application template settings in the Identity Administration portal and Automox , Automox users can benefit from SP-initiated and IdP-initiated SSO.

To test IdP-initiated SSO:

  1. Sign in to CyberArk IdentityUser Portal with the user account you just added.

  2. Click the Automox application tile to launch Automox in a new tab and automatically sign in.

To test SP-initiated SSO:
  1. Go to your organization's Automox SSO URL.

  2. Enter your email address, then click Next.

  1. You are redirected to the IdP. After you successfully authenticate on the IdP, you are redirected back to Automox, which displays the web interface.

Additional information

See the following documentation for additional resources:

Security | Automox Knowledge Base

Enabling SAML SSO affects all users who use this application. Users will be able to access the application authenticating only through the identity provider (IdP). They will not be able to sign-in through their regular log-in page.