Online Help

SafeNet Trusted Access for Aviatrix

Overview

This application template enables single sign-on for users who access the Aviatrix application through SafeNet Trusted Access.

Configuring SafeNet Trusted Access for Aviatrix is a three-step process:

1. Aviatrix setup

2. SafeNet Trusted Access setup

3. Verify authentication

Aviatrix Setup

As prerequisites:

Download the Identity Provider metadata from the SafeNet Trusted Access console by clicking the Download Metadata File button. You will need this metadata in one of the steps below.

Ensure that you have set up the Aviatrix Controller and that it is running.

Note:  For more information on setting up the Aviatrix Controller, refer to the documentation at https://docs.aviatrix.com/StartUpGuides/aviatrix-cloud-controller-startup-guide.html

On the client machine, download and install the Aviatrix SAML VPN client from the following link:

https://docs.aviatrix.com/Downloads/samlclient.html

Configuring SafeNet Trusted Access as your identity provider in Aviatrix requires:

Creating an Aviatrix gateway

Creating a SAML endpoint

Creating an Aviatrix user

Creating an Aviatrix Gateway

Perform the following steps to create the Aviatrix Gateway:

1. Log in to the Aviatrix administrator's account using the https://<Aviatrix Controller IP Address>/#/login URL, where <Aviatrix Controller IP Address> is the IP address assigned to the Aviatrix machine.

2. In the left pane, click Gateway.

3. In the right pane, click + New Gateway.

4. On the CREATE A NEW GATEWAY window, perform the following steps:

a. In the Gateway Name field, enter a name for the gateway (for example, MyGateway).

b. Select values in the Access Account Name, Region, VPC ID, Public Subnet, and Gateway Size fields as per your preferred configuration.

c. Select the VPN Access check box.

d. Select the Advanced Options check box and then select the Enable SAML check box.

e. Click OK.

Creating a SAML Endpoint

Perform the following steps to create the SAML Endpoint:

1. In the left pane, click OpenVPN® > Advanced.

2. In the right pane, under the SAML tab, click +Add New.

3. Under ADD A NEW SAML ENDPOINT, perform the following steps:

a. In the Endpoint Name field, enter a name (for example, test).

b. In the IDP Metadata Type field, select Text.

c. Open the metadata file that you downloaded earlier from the SafeNet Trusted Access console and copy the entire text.

d. In the IDP Metadata Text field, paste the text copied in the previous step.

e. In the Entity ID field, ensure that Hostname is selected.

f. Click OK.

4. In the SAML tab, click the SP Metadata tile. The Aviatrix metadata opens in the default browser. Save it on your local machine with the .xml extension (for example, metadata.xml).

Note:  You must configure Aviatrix in SafeNet Trusted Access before proceeding to the next step. Refer to the SafeNet Trusted Access Setup section.

5. Click TEST to verify the trust relationship between the IdP and Aviatrix.

In a web browser, you will be redirected to the SafeNet Trusted Access sign-in page. Enter your primary directory login information and approve the two-factor authentication; you will then be redirected to the Aviatrix controller.
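Before exchanging the two metadata files (the IdP metadata pasted in step c and the SP metadata saved in step 4), it is worth looking inside them: the SP can only verify assertion signatures if the IdP metadata carries a signing certificate, and every endpoint the two sides will redirect through should be HTTPS. The script below is an added example, not code from Aviatrix or SafeNet Trusted Access. It parses a SAML 2.0 EntityDescriptor with the standard library, extracts the entityID, endpoints and signing certificates, and reports the usual mismatches. Both metadata documents in it are constructed for illustration; the entity IDs, URLs and the certificate placeholder are assumptions rather than values from either product.

```python
"""Sanity-check SAML 2.0 metadata before exchanging it between an identity
provider (IdP) and a service provider (SP).

Added example, not code from Aviatrix or SafeNet Trusted Access. The two
metadata documents below are constructed; entity IDs, URLs and the
certificate placeholder are assumptions, not real product values.
"""
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"md": MD, "ds": DS}
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

# Constructed IdP metadata, shaped like the file an IdP's "download metadata" button returns.
IDP_METADATA = f"""<md:EntityDescriptor xmlns:md="{MD}" xmlns:ds="{DS}"
    entityID="https://idp.example.test/saml/metadata">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>MIIC...constructed-placeholder...</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleSignOnService Binding="{REDIRECT}" Location="https://idp.example.test/saml/sso"/>
    <md:SingleSignOnService Binding="{POST}" Location="https://idp.example.test/saml/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

# Constructed SP metadata, shaped like what a SAML-enabled VPN gateway publishes.
# The entityID is a bare hostname here because the guide selects "Hostname" as the Entity ID.
SP_METADATA = f"""<md:EntityDescriptor xmlns:md="{MD}" entityID="vpn-gateway.example.test">
  <md:SPSSODescriptor WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService Binding="{POST}" index="1"
        Location="https://vpn-gateway.example.test/saml/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def _signing_cert_count(role_el):
    """Count KeyDescriptors usable for signing that carry a non-empty certificate."""
    n = 0
    for kd in role_el.findall("md:KeyDescriptor", NS):
        if kd.get("use") not in (None, "signing"):  # absent "use" means signing and encryption
            continue
        cert = kd.find("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
        if cert is not None and (cert.text or "").strip():
            n += 1
    return n


def load_metadata(xml_text):
    """Parse one EntityDescriptor into a dict: role, entityID, endpoints by binding, signing certs."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{MD}}}EntityDescriptor":
        raise ValueError(f"not a SAML 2.0 EntityDescriptor: {root.tag}")
    info = {"entity_id": root.get("entityID"), "endpoints": {}, "signing_certs": 0}
    idp = root.find("md:IDPSSODescriptor", NS)
    sp = root.find("md:SPSSODescriptor", NS)
    if idp is not None:
        info["role"], role_el, svc_tag = "IdP", idp, "md:SingleSignOnService"
    elif sp is not None:
        info["role"], role_el, svc_tag = "SP", sp, "md:AssertionConsumerService"
    else:
        raise ValueError("metadata carries neither an IdP nor an SP role descriptor")
    for svc in role_el.findall(svc_tag, NS):
        info["endpoints"][svc.get("Binding")] = svc.get("Location")
    info["signing_certs"] = _signing_cert_count(role_el)
    return info


def check_pair(idp, sp):
    """Return findings for an IdP/SP metadata pair; an empty list means the pair looks sound."""
    findings = []
    if idp["role"] != "IdP":
        findings.append("first document is not IdP metadata")
    if sp["role"] != "SP":
        findings.append("second document is not SP metadata")
    if idp["entity_id"] == sp["entity_id"]:
        findings.append("IdP and SP share an entityID")
    if idp["signing_certs"] == 0:
        findings.append("IdP metadata has no signing certificate; the SP cannot verify assertions")
    if not idp["endpoints"]:
        findings.append("IdP metadata lists no SingleSignOnService endpoint")
    if POST not in sp["endpoints"]:
        findings.append("SP metadata lists no HTTP-POST AssertionConsumerService")
    for side, doc in (("IdP", idp), ("SP", sp)):
        for binding, url in doc["endpoints"].items():
            if not (url or "").startswith("https://"):
                findings.append(f"{side} endpoint for {binding} is not https: {url}")
    return findings


if __name__ == "__main__":
    idp_info, sp_info = load_metadata(IDP_METADATA), load_metadata(SP_METADATA)
    for label, doc in (("IdP", idp_info), ("SP", sp_info)):
        print(f"{label}: entityID={doc['entity_id']} signing_certs={doc['signing_certs']}")
        for binding, url in doc["endpoints"].items():
            print(f"    {binding.rsplit(':', 1)[-1]:<14} {url}")
    print("findings:", check_pair(idp_info, sp_info) or "none")
```

To use it on real files, read each XML file into a string and pass it to load_metadata; the checks are intentionally structural and do not validate the certificate itself, so a chain or expiry check on the extracted X509Certificate value is the natural next step.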

Creating an Aviatrix User

Perform the following steps to create the user(s) and assign the endpoint to them:

1. In the left pane, click OpenVPN®.

2. Click VPN Users.

3. In the right pane, under step: Add a new VPN User, click + Add new.

4. Under ADD A NEW VPN USER, select the VPC ID and LB/Gateway Name for your SAML gateway.

5. In the User Name field, enter a name.

6. In the User Email field, enter a valid email ID.

Note:  You will receive a .cert file that is used to connect with the client. Alternatively, you can download the .cert file from the user list by clicking the icon and then clicking download.

7. In the SAML Endpoint field, select the endpoint that you created earlier in step 3 of Creating a SAML Endpoint.

8. Click OK.

SafeNet Trusted Access Setup

After completing the first step of configuring SafeNet Trusted Access in Aviatrix, the second step is to activate the Aviatrix application in SafeNet Trusted Access by performing the following steps:

1. In the Applications pane, the Aviatrix application you added earlier is in the inactive state by default. To configure and activate this application, click the application (for example, Aviatrix) and proceed to the next step.

2. Under STA Setup, click Upload Aviatrix Metadata.

3. On the metadata upload window, click Browse to search for and select the Aviatrix metadata that you saved earlier in step 4 of Creating a SAML Endpoint.

Under Account Details, the service provider metadata information is displayed.

4. Click Save Configuration to save the details and activate the Aviatrix application in SafeNet Trusted Access.

Verify Authentication

Using STA Console

Open the Aviatrix VPN Client application. Click Load Conf and select the .cert file that you received earlier in step 6 of Creating an Aviatrix User. Click Connect and select your profile (for example, test).

You will be redirected to your SafeNet Trusted Access sign-in page. Enter your primary directory login information and approve the two-factor authentication; after authentication, the Aviatrix client should be connected. You will then be able to ping or access the private IP instances on the same cloud network.

© 2019 SafeNet Trusted Access. Various trademarks are held by their respective owners.