Automox SAML Single Sign-On (SSO) integration
This topic describes how to configure Automox for SAML SSO in CyberArk Identity.
Automox SSO supported features
This application template supports the following features:
Just-in-time (JIT) provisioning
Prerequisites for Automox SSO
Before you configure Automox for SSO, make sure you have an account in Automox with administrator access.
Configure the Automox application template in the Identity Administration portal
Perform these steps in the Identity Administration portal to configure the Automox application template for SSO.
Step 1: Add the Automox web application template.
In the Identity Administration portal, select Apps & Widgets > Web Apps, then click Add Web Apps.
On the Search page, enter the application name in the Search field and click the search button.
Next to the application name, click Add.
On the Add Web App page, click Yes to confirm.
Click Close to exit the Application Catalog.
The application opens to the Settings page.
Step 2: Configure the Trust page.
- Click Trust to go to the Trust page.
- In the Identity Provider Configuration section, select Manual Configuration. Copy and save the Identity Provider URL, Identity Provider Login Page, and Loogout Landing Page. You will need this information when you configure Automox.
Download the Signing Certificate for later use.
In the Service Provider Configuration section, select Manual Configuration, then review the following pre-configured SAML settings and click Save after you finish.
SP Entity ID
Copy this value from the Automox Entity ID field in Automox. For example:
Assertion Consumer Service (ACS) URL
Copy this URL from the Automox ACS URL field in Automox. For example:
Step 3: Configure the SAML Response page.
Verify the following attributes with the Automox attribute name in the Attribute Name column and the CyberArk attribute in the Attribute Value column.
Attributes are case-sensitive.
Attribute Name Attribute Value firstName user.firstName lastName user.lastName
Map any other attributes that you want to pass in the SAML response, then click Save.
Step 4: Configure the Permissions page to grant Automox users SSO access.
Grant SSO access to Automox by assigning permissions to users, groups, or roles.
On the Permissions page, click Add.
Select the user(s), group(s), or role(s) that you want to grant permissions to, then click Add.
The added object appears on the Permissions page with View, Run, and Automatically Deploy permissions selected by default.
Select the permissions you want and click Save.
Default permissions automatically deploy the application to the User Portal if the Show in user app list option is selected on the Settings page. Do not select this option if you intend to use only SP-initiated SSO.
Change the permissions if you want to add additional control or if you prefer not to automatically deploy the application.
Step 5: Review and save.
Review your settings to confirm your configuration. For example, you might want to verify that you selected the appropriate users, groups, or roles on the Permissions page. Click Save when you are satisfied.
Configure Automox for SAML single sign-on
Perform these steps in Automox to configure the Automox app template for SSO.
Sign in to the Automox application with your administrator credentials.
Go to Settings > Security.
Under SAML, click Enable.
On the Configure SAML page, select Enable SAML for users of this zone.
Perform the following actions.
Automox ACS URL
Automox Entity ID
Copy these values. You need them for the Service Provider configuration in CyberArk Identity.
Paste the Identity Provider Entity ID/Issuer you copied from the Trust page, Identity Provider configuration.
Enter the Single Sign On URL that you copied from the Trust page, Identity Provider configuration.
Logout URL (Optional)
Enter the Single Logout URL that you copied from the Trust page, Identity Provider configuration.
Paste the certificate that you downloaded from the Identity Administration portal.
(Optional) Provision New Users
Select this option to enable just-in-time provisioning. A new account is created when users who are authorized to use Automox SSO attempt to log in.
5. Click Save Configuration.
Test the Automox SSO configuration
Now that you have finished configuring the application template settings in the Identity Administration portal and Automox , Automox users can benefit from SP-initiated and IdP-initiated SSO.
Sign in to CyberArk IdentityUser Portal with the user account you just added.
Click the Automox application tile to launch Automox in a new tab and automatically sign in.
- Go to your organization's Automox SSO URL.
Enter your email address, then click Next.
You are redirected to the IdP. After you successfully authenticate on the IdP, you are redirected back to Automox, which displays the web interface.
See the following documentation for additional resources:
Security | Automox Knowledge Base
Enabling SAML SSO affects all users who use this application. Users will be able to access the application authenticating only through the identity provider (IdP). They will not be able to sign-in through their regular log-in page.