Online Help

SafeNet Trusted Access for Wallix Access Manager

Overview

Configuring SafeNet Trusted Access for Wallix Access Manager is a three-step process:

1. Wallix Access Manager setup

2. SafeNet Trusted Access setup

3. Verify authentication

Wallix Access Manager Setup

As a prerequisite, download the Identity Provider metadata from the SafeNet Trusted Access console by clicking the Download metadata file button. You will need this metadata in one of the steps below.

Perform the following steps to configure SafeNet Trusted Access as your Identity Provider in Wallix Access Manager:

1. Log in to the Wallix Access Manager console as an administrator using the https://<FQDN or Domain Name of your Wallix Access Manager Appliance>/wabam/global?domain=local URL.

2. On the Wallix Access Manager console, click Configuration > Organizations.

3. On the Organizations window, click +Add.

4. On the Add an Organization window, perform the following steps:

a. In the Name field, enter a name for your organization (for example, DemoOrg).

b. In the Identifier field, enter a name to be used to identify your organization in Wallix Access Manager (for example, TestOrg).

c. In the Local Domain Name field, ensure that local is displayed.

d. Click Save.

On the Organizations window, your organization's name is listed.

5. Click Configuration > SAML Identity Providers.

6. On the SAML Identity Providers window, click +Add.

7. On the Add an SAML Identity Provider window, perform the following steps:

a. In the Organization field, select the name of the organization (for example, DemoOrg) that you created earlier in step 4.

b. In the Name field, enter a name for the SAML profile of your organization (for example, DemoOrgSSO).

c. On the Service Provider tab, perform the following steps:

In the WAB-AM Entity Id field, enter the entity ID for Wallix Access Manager.

Under the Sign Messages and Encrypt Messages settings, click YES or NO to turn each setting on or off as per your preferred configuration.

d. On the Identity Provider tab, perform the following steps:

Click to import the Identity Provider metadata that you downloaded earlier from the SafeNet Trusted Access console.

In the SSO Binding Type field, select POST or REDIRECT as per your preferred configuration.

e. On the Domain tab, perform the following steps:

In the Domain Name field, enter a domain name (for example, SAML) to perform the SAML authentication.

In the Default Profile, select a profile (for example, User) for your SAML users.

In the Attributes field, click on the pencil icon to edit mapping attributes. The Edit Mapping Attributes window is displayed. In the Login field, enter a mandatory attribute (for example, uid) and then click Save.

f. Click Save.

8. On the SAML Identity Providers window, the SAML profile (for example, DemoOrgSSO) is listed. Click Configuration > Organizations.

9. On the Organizations window, in the Name column, click on the name of the organization (for example, DemoOrg) that you created earlier in step 4.

10. On the Edit Organization window, in the Default Domain field, select the domain name (for example, SAML) that you created earlier in step 7(e).

11. Click Save.

Obtaining Metadata

Perform the following steps to obtain the Wallix Access Manager metadata:

1. On the Wallix Access Manager console, click Configuration > SAML Identity Providers.

2. On the SAML Identity Providers window, in the Name column, click on the SAML profile (for example, DemoOrgSSO) that you created earlier in step 7 of Wallix Access Manager Setup.

3. On the Edit SAML Identity Provider window, on the Service Provider tab, at the bottom, click Download.

The Wallix Access Manager metadata will be downloaded on your local machine.
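
The following added example (not part of the original help page or of either product) reviews the two metadata files exchanged in this procedure against the choices made in step 7: Sign Messages, Encrypt Messages and SSO Binding Type. The sample XML is constructed, with placeholder entity IDs and hosts, and it is an assumption that the Sign Messages and Encrypt Messages settings appear in the Service Provider metadata as the standard AuthnRequestsSigned attribute and KeyDescriptor elements.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}
B = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-"
HEAD = '<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="%s">'
PROTO = 'protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"'
# Constructed sample metadata: entity IDs and hosts are placeholders, key material omitted.
SAMPLE_IDP = HEAD % "https://idp.example.test/sta" + f"""
  <md:IDPSSODescriptor {PROTO}>
    <md:KeyDescriptor use="signing"/>
    <md:SingleSignOnService Binding="{B}POST" Location="https://idp.example.test/sso"/>
  </md:IDPSSODescriptor></md:EntityDescriptor>"""
SAMPLE_SP = HEAD % "https://wam.example.test/wabam" + f"""
  <md:SPSSODescriptor AuthnRequestsSigned="false" {PROTO}>
    <md:AssertionConsumerService index="0" Binding="{B}POST" Location="http://wam.example.test/acs"/>
  </md:SPSSODescriptor></md:EntityDescriptor>"""

def review_metadata(xml_text, sign_messages=False, encrypt_messages=False, sso_binding=None):
    """List mismatches between a metadata file and the settings chosen in the console."""
    root = ET.fromstring(xml_text)  # parse only files downloaded from your own consoles
    idp, sp = root.find("md:IDPSSODescriptor", NS), root.find("md:SPSSODescriptor", NS)
    role = idp if idp is not None else sp
    if role is None:
        return ["no IDPSSODescriptor or SPSSODescriptor element"]
    findings = []
    # A KeyDescriptor without a "use" attribute (None) serves both signing and encryption.
    uses = {k.get("use") for k in role.findall("md:KeyDescriptor", NS)}
    if idp is not None:
        if not uses & {"signing", None}:
            findings.append("IdP publishes no signing key")
        sso = idp.findall("md:SingleSignOnService", NS)
        offered = {e.get("Binding", "").replace(B, "").upper() for e in sso}
        if sso_binding and sso_binding not in offered:
            findings.append(f"IdP does not offer the {sso_binding} binding")
    else:
        if sign_messages and sp.get("AuthnRequestsSigned") not in ("true", "1"):
            findings.append("Sign Messages is on but AuthnRequestsSigned is not true")
        if sign_messages and not uses & {"signing", None}:
            findings.append("Sign Messages is on but no signing key is published")
        if encrypt_messages and not uses & {"encryption", None}:
            findings.append("Encrypt Messages is on but no encryption key is published")
    for e in role:  # every endpoint element (SSO, ACS, logout) carries a Location
        if not e.get("Location", "https://").startswith("https://"):
            findings.append(f"endpoint is not HTTPS: {e.get('Location')}")
    return findings

if __name__ == "__main__":
    for doc in (SAMPLE_IDP, SAMPLE_SP):
        print(review_metadata(doc, True, True, "POST"))
```

An empty list means the file agrees with the settings passed in; run it on both downloaded files before importing or uploading them.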

SafeNet Trusted Access Setup

After configuring SafeNet Trusted Access as the Identity Provider in Wallix Access Manager, activate the Wallix Access Manager application in SafeNet Trusted Access by performing the following steps:

1. In the Applications pane, the Wallix Access Manager application that you added earlier is in an inactive state by default. To configure and activate this application, click the application (for example, Wallix Access Manager) and proceed to the next step.

2. Under STA Setup, click Upload Wallix Access Manager Metadata.

3. On the Metadata upload window, click Browse to search for and select the Wallix Access Manager metadata that you downloaded earlier in Obtaining Metadata.

4. Under Account details, the service provider metadata information is displayed.

5. Click Save Configuration to save the details and activate the Wallix Access Manager application in SafeNet Trusted Access.

Verify Authentication

Using STA Console

Navigate to the Wallix Access Manager URL, https://<FQDN or Domain Name>/wabam/<ORGANIZATION_ID>?domain=<SAML_DOMAIN_NAME>.

Where:

<FQDN or Domain Name> is the fully qualified domain name or domain name of your Wallix Access Manager appliance.

<ORGANIZATION_ID> is the Wallix Access Manager organization ID that you created earlier in the Wallix Access Manager Setup section.

<SAML_DOMAIN_NAME> is the domain name of the SAML profile that you created earlier in the Wallix Access Manager Setup section.

You will be redirected to the SafeNet Trusted Access sign-in page. Enter your primary directory login information, approve the two-factor authentication, and you should be redirected to the Wallix Access Manager application to access internal resources after authentication.

Using STA User Portal

Navigate to the User Portal URL to log in to the STA User Portal dashboard. On the dashboard, you will see a list of applications to which you have access. Click the Wallix Access Manager application icon; you should be redirected to the Wallix Access Manager application to access internal resources after authentication.

 

© 2018 SafeNet Trusted Access. Various trademarks held by their respective owners.