Introduction
Designed for the enterprise, Silo’s implementation of SAML, allows for PIN-less access to Silo by federating your logins with your Identity Provider (IdP).
All Silo authentication steps are seamless and transparent to the end user when employing SAML functionality.
Technical Details
Authentic8 Silo will work with any SAML 2.0 platform with few exceptions.
We have verified compatibility with the following IdP's
- Azure Active Directory
- Duo
- F5 BIG-IP
- Microsoft AD FS
- Okta
- Onelogin
- PingIdentity
- SecureAuth
- GSuite
- Google SSO
System Requirements
A working, compatible SAML 2.0 IdP.
- Silo Access Portal must be enabled.
- The installation of the native client, version 2.97 or later.
- For Windows installs, the enabling of Integrated Windows Authentication (IWA) is optional.
- TLS 1.2 connections
NOTE: Effective March 30 2020, our products will only support TLS 1.2 connections and will cease support for TLS 1.1. If you use one of our native applications, please ensure their version exceeds the minimum required to support TLS 1.2 and that
any in-line network infrastructure that connects to our servers has been
configured to use TLS 1.2
Configuration
If you are already familiar with providing Single-Sign-On (SSO) access to other services, then the configuration should be straightforward.
Reviewing your SAML IdP's documentation on service provider (SP) configurations prior to starting is a suggested first step. Also, this step should include locating your IdP's configuration URLs and X.509 .crt IdP signing certificate for easier updating.
Silo Portal Configuration
The Silo Portal configuration step consists of setting the Silo Access Portal (Vanity) URL; this URL must be set with an active link for the SAML configuration to work.
This is a custom URL that your users will go to when accessing the Silo Access Portal.
Steps
From the Silo Admin Console, navigate to Users and Orgs section:
- Click the Manage button
- Select your ORG and click the Edit Orgs button
- Enter the Vanity URL
- Click Save
Silo Single Sign-On Configuration
1. From the Silo Admin Console navigate to the Single Sign-On configuration page.
2. Enable SAML SSO
IdP Configuration Steps- Copy and paste the displayed SP URLs to update your IdP.
- Download and install your X.509 .crt encryption certificate to your IdP.
NOTES: - Please see your IdP's documentation for specific instructions for entering the required SP URLs.
- Authentic8 offers additional configuration support for certain IdPs, which can be requested by contacting Support.
ldP Cheat Sheets
- ADFS 4.0 with Authentic8 Silo Access Portal Cheat Sheet
- Okta with Authentic8 Silo Access Portal Cheat Sheet
- OneLogin with Authentic8 Portal Cheat Sheet
Silo (SP) Configuration Steps
- From your IdP, obtain the required URLs.
- Update Silo (SP) with the URLs.
- Upload your X.509 .crt IdP signing certificate from your IdP.
3. Press Save
4. Modify the Native Client - Windows 7/8/10
5. The final step in configuring SAML is modifying the native client with the proper registry settings.
SAML Registry
Here are the required registry entries - Please note that the FEATURE_BROWSER_EMULATION value is 2710 Hexadecimal not Decimal. The decimal value 10000.
- The IEWebViewMode settings are defined below. The Setting for SAML authentication is 2.
- "IEWebViewURL"="https://getsilo.com/sso/saml/client/<Silo Access Portal (Vanity) URL>"
Note: Silo Access Portal (Vanity) URL is required to set IEWebViewURL.
IEWebViewMode Settings
When making the SAML registry changes the IEWebViewMode setting needs to be set to the appropriate value.
Value Authentication Method 0 Standard login (e.g., Pin or Differed Pin) 1 A combined standard login and SAML option for testing. 2 SAML
Integrated Windows Authentication (IWA) Settings
Configure your Internet Options to allow secure communication between our client and your internal SSO server.
Here are the steps:
Control Panel
- Internet Options
- Security
- Local intranet
- Sites
- Advanced
- Type https://yourserver.yourdomain.com then click Add
Additional Notes
Please contact Support if you have any additional questions and/or require further information.
Introduction
Designed for the enterprise, Silo’s implementation of SAML, allows for PIN-less access to Silo by federating your logins with your Identity Provider (IdP).
All Silo authentication steps are seamless and transparent to the end user when employing SAML functionality.
Technical Details
Authentic8 Silo will work with any SAML 2.0 platform with few exceptions.
We have verified compatibility with the following IdP's
- Azure Active Directory
- Duo
- F5 BIG-IP
- Microsoft AD FS
- Okta
- Onelogin
- PingIdentity
- SecureAuth
- GSuite
- Google SSO
System Requirements
A working, compatible SAML 2.0 IdP.
- Silo Access Portal must be enabled.
- The installation of the native client, version 2.97 or later.
- For Windows installs, the enabling of Integrated Windows Authentication (IWA) is optional.
- TLS 1.2 connections
NOTE: Effective March 30 2020, our products will only support TLS 1.2 connections and will cease support for TLS 1.1. If you use one of our native applications, please ensure their version exceeds the minimum required to support
Configuration
If you are already familiar with providing Single-Sign-On (SSO) access to other services, then the configuration should be straightforward.
Reviewing your SAML IdP's documentation on service provider (SP) configurations prior to starting is a suggested first step. Also, this step should include locating your IdP's configuration URLs and X.509 .crt IdP signing certificate for easier updating.
Silo Portal Configuration
The Silo Portal configuration step consists of setting the Silo Access Portal (Vanity) URL; this URL must be set with an active link for the SAML configuration to work.
This is a custom URL that your users will go to when accessing the Silo Access Portal.
Steps
From the Silo Admin Console, navigate to Users and Orgs section:
- Click the Manage button
- Select your ORG and click the Edit Orgs button
- Enter the Vanity URL
- Click Save
Silo Single Sign-On Configuration
1. From the Silo Admin Console navigate to the Single Sign-On configuration page.
2. Enable SAML SSO
- Copy and paste the displayed SP URLs to update your IdP.
- Download and install your X.509 .crt encryption certificate to your IdP.
NOTES:- Please see your IdP's documentation for specific instructions for entering the required SP URLs.
- Authentic8 offers additional configuration support for certain IdPs, which can be requested by contacting Support.
ldP Cheat Sheets
- ADFS 4.0 with Authentic8 Silo Access Portal Cheat Sheet
- Okta with Authentic8 Silo Access Portal Cheat Sheet
- OneLogin with Authentic8 Portal Cheat Sheet
Silo (SP) Configuration Steps
- From your IdP, obtain the required URLs.
- Update Silo (SP) with the URLs.
- Upload your X.509 .crt IdP signing certificate from your IdP.
3. Press Save
4. Modify the Native Client - Windows 7/8/10
5. The final step in configuring SAML is modifying the native client with the proper registry settings.
SAML Registry
Here are the required registry entries - Please note that the FEATURE_BROWSER_EMULATION value is 2710 Hexadecimal not Decimal. The decimal value 10000.
- The IEWebViewMode settings are defined below. The Setting for SAML authentication is 2.
- "IEWebViewURL"="https://getsilo.com/sso/saml/client/<Silo Access Portal (Vanity) URL>"
Note: Silo Access Portal (Vanity) URL is required to set IEWebViewURL.
IEWebViewMode Settings
When making the SAML registry changes the IEWebViewMode setting needs to be set to the appropriate value.
Value | Authentication Method |
| 0 | Standard login (e.g., Pin or Differed Pin) |
| 1 | A combined standard login and SAML option for testing. |
| 2 | SAML |
Integrated Windows Authentication (IWA) Settings
Configure your Internet Options to allow secure communication between our client and your internal SSO server.
Here are the steps:
Control Panel
- Internet Options
- Security
- Local intranet
- Sites
- Advanced
- Type https://yourserver.yourdomain.com then click Add
Additional Notes
Please contact Support if you have any additional questions and/or require further information.