Online Help

SafeNet Trusted Access for Liquit Workspace

Overview

The application template enables single sign-on using the OpenID Connect (OIDC) protocol for users accessing the Liquit Workspace application through SafeNet Trusted Access.

Configuring SafeNet Trusted Access for Liquit Workspace is a three-step process:

1. SafeNet Trusted Access setup

2. Liquit Workspace setup

3. Verify authentication

SafeNet Trusted Access Setup

Perform the following steps to configure the Liquit Workspace application in SafeNet Trusted Access:

1. In the Applications pane, the Liquit Workspace application you added earlier is in the inactive state by default. To configure and activate this application, click the application (for example, Liquit Workspace) and proceed to the next step.

2. Under STA Setup, perform the following steps:

a. Under ALLOWED FLOW TYPE, ensure that the Authorization Code flow checkbox is selected.

b. In the SERVICE LOGIN URL field, enter the following service login URL of the Liquit Workspace application:

https://<Domain name>.liquit.com

Where <Domain name> is the domain name that you registered while configuring Liquit Workspace.

For example, https://demo.liquit.com

c. In the VALID REDIRECT URL field, enter the following redirect URL of the Liquit Workspace application:

https://<Domain name>.liquit.com/api/auth/token/end

For example, https://demo.liquit.com/api/auth/token/end

d. Click Save Configuration to save the details and activate the Liquit Workspace application in SafeNet Trusted Access.
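
The following pre-flight check is an added example, not part of the original Thales or Liquit documentation. It builds the two URLs above from the registered domain name and compares the redirect URL entered in STA with the Redirect URI entered later in Liquit Workspace; the function names are hypothetical and "demo" is the page's own sample domain.

```python
from urllib.parse import urlsplit

REDIRECT_PATH = "/api/auth/token/end"  # path from the VALID REDIRECT URL step


def expected_urls(domain_name):
    """Build both URLs the STA Setup step asks for from <Domain name>."""
    base = f"https://{domain_name}.liquit.com"
    return {"service_login_url": base,
            "valid_redirect_url": base + REDIRECT_PATH}


def check_redirect(domain_name, sta_value, liquit_value):
    """Return a list of problems; an empty list means both sides agree."""
    host = f"{domain_name}.liquit.com".lower()
    problems = []
    for side, value in (("STA VALID REDIRECT URL", sta_value),
                        ("Liquit Redirect URI", liquit_value)):
        url = urlsplit(value)
        if url.scheme != "https":
            problems.append(f"{side}: scheme {url.scheme!r} is not https")
        if (url.hostname or "") != host:
            problems.append(f"{side}: host {url.hostname!r} is not {host!r}")
        if url.path != REDIRECT_PATH:
            problems.append(f"{side}: path {url.path!r} is not {REDIRECT_PATH!r}")
        if url.query or url.fragment or "*" in value:
            problems.append(f"{side}: query, fragment or wildcard present")
    if sta_value != liquit_value:
        # OIDC matches redirect URIs as exact strings, so even a trailing
        # slash on one side makes the authorization request fail.
        problems.append("STA and Liquit values are not identical")
    return problems


if __name__ == "__main__":
    good = expected_urls("demo")["valid_redirect_url"]  # page's example domain
    for liquit in (good, good + "/", good.replace("https", "http", 1)):
        print(liquit, "->", check_redirect("demo", good, liquit) or "OK")
```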

Liquit Workspace Setup

As a prerequisite, you must have a Liquit Workspace environment that is up and running on your machine.

After configuring the Liquit Workspace application in SafeNet Trusted Access, you need to configure SafeNet Trusted Access in Liquit Workspace. Configuring STA in Liquit Workspace requires:

1. Creating identity sources

2. Configuring access policy for users or groups

Creating Identity Sources

Identity sources enable Liquit Workspace to synchronize with identity providers (IdPs).

You can create one of the following identity sources in Liquit Workspace as per your preferred configuration:

- Azure AD: Allows you to connect to Azure AD.

- LDAP: Allows you to connect to a Microsoft Active Directory or eDirectory.

Creating Azure AD as an Identity Source

As a prerequisite, you need to register your Liquit Workspace application in your Azure AD tenant. Click here to refer to the required steps.

Perform the following steps to create Azure AD as an identity source:

1. Log in to Liquit Workspace as an administrator.

2. On the Liquit Workspace administrator console, click the Manage tab and perform the following steps:

a. Under Manage, search for Identity Sources.

b. Under AUTHENTICATION, click Identity Sources.

3. On the Identity Sources window, click Create to create an Identity Source for the Liquit Workspace application.

4. On the Create identity source window, perform the following steps:

a. On the Type tab, select Azure AD, and click Next.

b. On the Overview tab, perform the following steps:

i. In the Name field, enter a name (for example, SafeNet-AzureAD) for the identity source.

ii. In the Display name field, enter a display name (for example, SafeNet-AzureAD) for the identity source. This field is optional.

iii. Click Next.

c. On the Settings tab, perform the following steps:

i. In the Application ID and Client secret fields, enter the values as explained in the Creating the Identity Source in Liquit Workspace section in Liquit Documentation.

ii. Under OAuth 2 url’s, click Fetch OAuth 2 url’s.

d. On the Fetch OAuth 2 url’s window, perform the following steps:

i. In the Type field, select Azure AD.

ii. In the Azure AD tenant ID field, enter the tenant ID of your Azure AD tenant.

A value in the URL field is automatically populated based on the Tenant ID.

iii. Click Confirm.

On the Create identity source window, on the Settings tab, values in all the mandatory fields are populated automatically.

NOTE: If the field values are not populated automatically, you need to enter them manually. For more information, refer to Liquit Documentation.

iv. Click Next.

e. The Summary tab displays the information that you have entered in the previous tabs. Review the complete information and click Finish.

5. On the <Your Azure AD Identity Source> window (for example, SafeNet-AzureAD), in the left pane, click the Authentication tab.

6. In the right pane, ensure that the Federated authentication method checkbox is selected, and then click the Edit icon.

7. On the Edit Authentication window, perform the following steps:

a. In the Client ID field, enter the client ID that is provided on the SafeNet Trusted Access console.

On the STA console, you can copy the value by clicking the Copy to Clipboard icon available next to the CLIENT ID field.

b. In the Client secret field, enter the client secret that is provided on the SafeNet Trusted Access console.

On the STA console, you can make the client secret visible by clicking its icon, then copy its value by clicking the Copy to Clipboard icon available next to the CLIENT SECRET field.

c. In the Redirect URI field, enter the URL that you entered in step 2(d) of STA Setup.

d. In the Claim attribute field, enter upn.

e. In the following fields, enter the values available on the STA console. You can copy each value by clicking the Copy to Clipboard icon available next to the respective field.

Authorization URI: Enter the AUTHORIZATION END POINT URL as given on the STA console.
Token URI: Enter the TOKEN END-POINT URL as given on the STA console.
Logout URI: Enter the LOGOUT END-POINT URL as given on the STA console.

f. Click Confirm.

8. On the <Your Azure AD Identity Source> window (for example, SafeNet-AzureAD), click Save.

9. Configure the Contacts and Authenticator tabs as per your preferred configuration. For more details, refer to Liquit Documentation for Azure AD.

Configuring LDAP as an Identity Source

Perform the following steps to create LDAP as an identity source:

NOTE: Click Liquit Documentation for LDAP for more details on the tabs and fields mentioned in this section.

1. On the Identity Sources window, click Create to create an LDAP identity source for the Liquit Workspace application.

2. On the Create identity source window, perform the following steps:

a. On the Type tab, select LDAP, and click Next.

b. On the Overview tab, perform the following steps:

i. In the Name field, enter a name (for example, SafeNet-AD) for the identity source.

ii. In the Display name field, enter a display name (for example, SafeNet-AD) for the identity source. This field is optional.

iii. Click Next.

c. On the Settings tab, perform the following steps:

i. In the Schema field, select Active Directory.

ii. In the Username field, enter the UPN (User Principal Name) of the service account of your Active Directory server.

iii. In the Password field, enter the password of the service account of your Active Directory server.

iv. Select values in the rest of the fields as per your preferred configuration.

v. Click Next.

d. The Summary tab displays the information that you have entered in the previous tabs. Review the complete information and click Finish.

3. On the <Your LDAP Identity Source> window (for example, SafeNet-AD), in the left pane, click Servers.

4. On the Create server window, perform the following steps:

a. In the Name field, enter a name for the Active Directory server (for example, AD).

b. In the Address field, enter the DNS name or the IP address of the Active Directory server whose Username and Password you entered in step 2(c) of this section.

NOTE: Click the Advanced tab to configure the advanced settings as per your preferred configuration.

c. Click Confirm.

5. On the <Your LDAP Identity Source> window (for example, SafeNet-AD), in the left pane, click Authentication.

6. In the right pane, ensure that the Federated authentication method checkbox is selected, and then click the Edit icon.

7. On the Edit Authentication window, perform the following steps:

a. In the Client ID field, enter the client ID that is provided on the SafeNet Trusted Access console.

On the STA console, you can copy the value by clicking the Copy to Clipboard icon available next to the CLIENT ID field.

b. In the Client Secret field, enter the client secret that is provided on the SafeNet Trusted Access console.

On the STA console, you can make the client secret visible by clicking its icon, then copy its value by clicking the Copy to Clipboard icon available next to the CLIENT SECRET field.

c. In the Redirect URI field, enter the URL that you entered in step 2(d) of STA Setup.

d. In the Claim Attribute field, enter upn.

e. In the following fields, enter the values available on the STA console. You can copy each value by clicking the Copy to Clipboard icon available next to the respective field.

Authorization URI: Enter the AUTHORIZATION END POINT URL as given on the STA console.
Token URI: Enter the TOKEN END-POINT URL as given on the STA console.
Logout URI: Enter the LOGOUT END-POINT URL as given on the STA console.

f. Click Confirm.

8. On the <Your LDAP Identity Source> window (for example, SafeNet-AD), click Save.

9. Now, you need to create a context in which users will be fetched from your active directory. In the left pane, click Contexts and in the right pane, click Create.

10. On the Create context window, perform the following steps:

a. In the Name field, enter the directory partition of your AD where the users and groups are stored.

For example, if the users are stored in the root directory, then the context is dc=ad,dc=<domain name>,dc=com

b. Click Confirm.

11. Configure the Contacts and Authenticator tabs as per your preferred configuration. For more details, click Liquit Documentation for LDAP.

Configuring Access Policy for Users and Groups

Perform the following steps to configure a policy for the group:

1. On the Liquit Workspace administrator console, in the left pane, click IDENTITIES > Groups.

2. In the right pane, double-click the group for which you want to configure access policy.

3. On the group window, in the left pane, click Access policy, and then in the right pane, click the icon.

4. On the Access policy window, in the Type column, select and assign a policy to the users of the group as per your preferred configuration.

5. Click Confirm.

6. Click Save.

NOTE: Similarly, you can also configure a policy for users.

Verify Authentication

1. Navigate to the target application's SSO URL (for example, https://workspace.liquit.com) and click on your identity source.

2. You will be redirected to your SafeNet Trusted Access sign-in page. Enter your login credentials.

3. Approve the two-factor authentication (if any) and you should be redirected to your Liquit Workspace application after successful authentication.
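
If sign-in completes at SafeNet Trusted Access but the user is not matched in Liquit Workspace, the upn value entered in the Claim attribute field is the first thing to check. The following diagnostic is an added example, not part of the original Thales or Liquit documentation: it decodes the payload of an ID token without verifying its signature and reports why it would not map to the expected user. It assumes the claim arrives in the ID token and that UPNs compare case-insensitively; the function names, the client ID and the sample tokens are constructed for illustration.

```python
import base64
import json
import time


def jwt_payload(token):
    """Decode a JWT's payload segment. No signature check: diagnostics only."""
    segment = token.split(".")[1]
    segment += "=" * (-len(segment) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(segment))


def check_id_token(token, client_id, expected_upn, now=None):
    """Return reasons the token would not map to the expected directory user."""
    claims = jwt_payload(token)
    now = time.time() if now is None else now
    problems = []
    upn = claims.get("upn")  # the value entered in the Claim attribute field
    if not isinstance(upn, str):
        problems.append("no 'upn' claim in the token")
    elif upn.casefold() != expected_upn.casefold():
        problems.append(f"upn {upn!r} does not match {expected_upn!r}")
    aud = claims.get("aud")
    if client_id not in (aud if isinstance(aud, list) else [aud]):
        problems.append("aud does not contain the configured Client ID")
    if claims.get("exp", 0) <= now:
        problems.append("token has expired")
    return problems


def make_sample(claims):
    """Build a constructed sample token with a placeholder signature."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'typ': 'JWT'})}.{enc(claims)}.c2FtcGxl"


if __name__ == "__main__":
    ok = make_sample({"aud": "sample-client-id", "exp": 2000,
                      "upn": "Alice@ad.example.com"})
    missing = make_sample({"aud": ["sample-client-id"], "exp": 2000,
                           "email": "alice@ad.example.com"})
    for tok in (ok, missing):
        print(check_id_token(tok, "sample-client-id",
                             "alice@ad.example.com", now=1000) or "OK")
```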

 

Copyright © 2021 Thales Group

All Rights Reserved.