SAML Authentication - Help

1. Do we have an option to enable or disable AD and Radius authentication while using SAML?

Yes. Once SAML authentication is enabled, there will be a prompt to disable other authentications and you can disable other login methods, if necessary. Also, you will only be able to login locally via Super Admin.

2. Can we configure more than one IdP?

No, currently only one IdP can be configured at a time.

3. What are the different name ID formats supported in Network Configuration Manager?

At present, the Name ID formats supported for SAML authentication in Network Configuration Manager are Transient and Persistent.

4. Can we use both SAML authentication and TFA features in Network Configuration Manager?

In Network Configuration Manager, you will not be able to use TFA when SAML authentication is enabled. This is because, the entire authentication flow is handled by the IdP when SAML authentication is enabled. TFA can be used only when signing in using Local, AD, or Radius authentication.

5. How do I access the product WebClient if the IdP is not reachable?

If the IdP is not reachable and the other authentication methods are disabled, you can log in locally via Super Admin. If other authentication methods are not disabled, you can login to Network Configuration Manager by using the default method.

6. How to configure SAML if the certificate is expired?

If the certificate is nearing expiry, Network Configuration Manager will raise an alert after the user logs in. The Service Provider's certificate can be regenerated from the Network Configuration Manager UI and uploaded to IdP and vice versa. After uploading, the lifetime of the certificates will be renewed.

Was this article helpful?