SolarWinds Cloud SAML Single Sign-On (SSO) integration

This topic contains procedures to configure SolarWinds Cloud for Single Sign-On (SSO) in CyberArk Identity using SAML.

SSO supported features

This application template supports the following features:

  • IdP-initiated SSO

  • SP-initiated SSO

Before you begin

  • In SolarWinds Cloud application, make sure you are able to able to access an admin account.

  • Add SSO users to the SolarWinds Cloud application.

Configure the SolarWinds Cloud app template in the Identity Administration portal

Step 1: Add the SolarWinds Cloud web app template

  1. In the Identity Administration portal, select Apps & Widgets > Web Apps, then click Add Web Apps.

    Add a web app screen

  2. On the Search page, enter the application name in the Search field and click the search button.

  3. Next to the application name, click Add.

  4. On the Add Web App page, click Yes to confirm.

  5. Click Close to exit the Application Catalog.

    The application opens to the Settings page.

Step 2: Configure Trust settings

  1. Go to the Trust tab.

  1. In the Identity Provider Configuration section, select Metadata. Copy and save the values in the following fields: IdP Entity ID, SAML URL, Single Logout URL. Download the certificate.

    This information is used later when you configure the SAML integration in SolarWinds Cloud.

  2. In the Service Provider Configuration section, select Manual Configuration. In the SolarWinds Cloud application, go to Settings > Organization Settings > Security and select SAML. Copy the following values and paste them into their corresponding fields in CyberArk Identity. Click Save after you finish.

    Service provider settings
    Name in CyberArk Identity Name in SolarWinds Cloud

    SP Entity ID

    		 Entity ID

    Assertion Consumer Service (ACS) URL

    		 ACS URL
    Single Logout URL Logout URL

Step 3: Configure the SAML response

  1. Configure the following attributes from SolarWinds Cloud in the Attribute Name column and the CyberArk attribute in the Attribute Value column.

    Attributes are case-sensitive.

    SAML response attributes
    Attribute Name Attribute Value

    Email

    LoginUser.userName
    FirstName

    LoginUser.firstName

    LastName

    LoginUser.RoleNames

  2. Map any other attributes that you want to pass in the SAML response, then click Save.

Step 4: Configure permissions to grant SSO access to SolarWinds Cloud users

Grant SSO access to SolarWinds Cloud by assigning permissions to users, groups, or roles.

  1. On the Permissions page, click Add.

  2. Select the user(s), group(s), or role(s) that you want to grant permissions to, then click Add.

    The added object appears on the Permissions page with View, Run, and Automatically Deploy permissions selected by default.

  3. Select the permissions you want and click Save.

    Default permissions automatically deploy the application to the User Portal if the Show in user app list option is selected on the Settings page. Do not select this option if you intend to use only SP-initiated SSO.

    Change the permissions if you want to add additional control or if you prefer not to automatically deploy the application.

Step 5: Review and save

Review your settings to confirm your configuration. For example, you might want to verify that you selected the appropriate users, groups, or roles on the Permissions page. Click Save when you are satisfied.

Configure SolarWinds Cloud for SAML SSO

Perform these steps in SolarWinds Cloud to configure the SolarWinds Cloud app template for SSO.

  1. Sign in to SolarWinds Cloud with your admin account.

  2. Go to Settings > Organization Settings > Security. Click SAML.

  3. Enter the values you copied from CyberArk Identity IdP into their corresponding fields in SolarWinds Cloud:

    IdP settings

    Name in CyberArk Identity

    Name in SolarWinds Cloud
    IdP Entity ID Issuer (Entity ID)
    SAML URL SAML URL
    Single Logout URL Single Logout URL
    Signing certificate Certificate

  4. Click Save and Enable SAML Integration.

Test the SolarWinds Cloud SSO configuration

Now that you have finished configuring the application template settings in the Identity Administration portal and SolarWinds Cloud, SolarWinds Cloud users can benefit from IdP- and SP-initiated SSO.

To test IdP-initiated SSO:

  1. Sign in to CyberArk Identity with the user account you just added.

  2. Click the SolarWinds Cloud application tile to launch SolarWinds Cloud in a new tab and automatically sign in.

To test SP-initiated SSO:

  1. Go to your SolarWinds Cloud and click any application in the list. You are redirected to that application sign-in screen.

  2. Click Log in with SSO.

  3. Enter sign-in credentials for the user account you just added and click Log in with SSO.

    You are redirected to the IdP for authentication. After successful authentication, you are redirected back to the SolarWinds Cloud web interface.

Additional information

See your SolarWind Cloud documentation for additional resources:

Configure Single Sign-On (SSO) via SAML (solarwinds.com)