Introduction

Designed for the enterprise, Silo’s implementation of SAML allows for PIN-less access to Silo by federating your logins with your Identity Provider (IdP).


All Silo authentication steps are seamless and transparent to the end user when employing SAML functionality.


Technical Details

Authentic8 Silo will work with any SAML 2.0 platform with few exceptions. 


We have verified compatibility with the following IdPs:

  • Azure Active Directory
  • Duo
  • F5 BIG-IP
  • Microsoft AD FS
  • Okta
  • OneLogin
  • PingIdentity
  • SecureAuth
  • G Suite
  • Google SSO


System Requirements

A working, compatible SAML 2.0 IdP.

  • Silo Access Portal must be enabled.
  • The installation of the native client, version 2.97 or later.
  • For Windows installs, the enabling of Integrated Windows Authentication (IWA) is optional.
  • TLS 1.2 connections

NOTE: Effective March 30, 2020, our products will only support TLS 1.2 connections and will cease support for TLS 1.1. If you use one of our native applications, please ensure its version exceeds the minimum required to support TLS 1.2 and that any in-line network infrastructure that connects to our servers has been configured to use TLS 1.2.


Configuration

If you are already familiar with providing Single-Sign-On (SSO) access to other services, then the configuration should be straightforward.


Before starting, review your SAML IdP's documentation on service provider (SP) configurations. As part of this step, locate your IdP's configuration URLs and X.509 .crt IdP signing certificate so that they are at hand when you update the configuration.


Silo Portal Configuration

The Silo Portal configuration step consists of setting the Silo Access Portal (Vanity) URL; this URL must be set with an active link for the SAML configuration to work.

This is a custom URL that your users will go to when accessing the Silo Access Portal.



Steps

From the Silo Admin Console, navigate to the Users and Orgs section:

  1. Click the Manage button
  2. Select your ORG and click the Edit Orgs button
  3. Enter the Vanity URL
  4. Click Save



Silo Single Sign-On Configuration

1. From the Silo Admin Console, navigate to the Single Sign-On configuration page.

2. Enable SAML SSO



IdP Configuration Steps
  1. Copy and paste the displayed SP URLs to update your IdP.
  2. Download and install your X.509 .crt encryption certificate to your IdP.

    NOTES
    • Please see your IdP's documentation for specific instructions for entering the required SP URLs. 
    • Authentic8 offers additional configuration support for certain IdPs, which can be requested by contacting Support.


IdP Cheat Sheets




Silo (SP) Configuration Steps

  1. From your IdP, obtain the required URLs.
  2. Update Silo (SP) with the URLs.  
  3. Upload your X.509 .crt IdP signing certificate from your IdP.



3. Press Save


4. Modify the Native Client - Windows 7/8/10


5. The final step in configuring SAML is modifying the native client with the proper registry settings.

SAML Registry

Here are the required registry entries. Please note that the FEATURE_BROWSER_EMULATION value is 2710 hexadecimal, not decimal. The decimal value is 10000.




  • The IEWebViewMode settings are defined below. The setting for SAML authentication is 2.



Note: Silo Access Portal (Vanity) URL is required to set IEWebViewURL. 



IEWebViewMode Settings 
When making the SAML registry changes, the IEWebViewMode setting needs to be set to the appropriate value.


Value   Authentication Method
0       Standard login (e.g., PIN or Deferred PIN)
1       A combined standard login and SAML option for testing.
2       SAML


Integrated Windows Authentication (IWA) Settings

Configure your Internet Options to allow secure communication between our client and your internal SSO server.


Here are the steps:

  1. Control Panel
  2. Internet Options
  3. Security
  4. Local intranet
  5. Sites
  6. Advanced
  7. Type https://yourserver.yourdomain.com then click Add



Additional Notes  

Please contact Support if you have any additional questions and/or require further information.