Overview 

Designed for the enterprise, Silo’s implementation of SAML allows for PIN-less access to Silo by federating your logins with your Identity Provider (IdP).


All Silo authentication steps are seamless and transparent to the end user when employing SAML functionality.


Technical Details


Authentic8 Silo will work with any SAML 2.0 platform with few exceptions. 


We have verified compatibility with the following IdPs:

  • Duo
  • F5 BIG-IP
  • Microsoft AD FS
  • Okta
  • OneLogin


Authentic8 has confirmed that the following IdPs are not compatible with Silo's implementation of SAML 2.0:

  • Microsoft Azure AD


Prerequisites

  • A working, compatible SAML 2.0 IdP.
  • Silo Access Portal must be enabled.
  • The installation of the native client, version 2.97 or later.
  • For Windows installs, the enabling of Integrated Windows Authentication (IWA) is optional.


Configuration

If you are already familiar with providing Single-Sign-On (SSO) access to other services, then the configuration should be straightforward.


A suggested first step is to review your SAML IdP's documentation on service provider (SP) configuration before you start. As part of this step, locate your IdP's configuration URLs and X.509 .crt IdP signing certificate so that they are at hand when you update the settings.


Silo Portal Configuration

The Silo Portal configuration step consists of setting the Silo Access Portal URL; this URL must be set with an active link for the SAML configuration to work.
 
This is a custom URL that your users will go to when accessing the Silo Access Portal.


From the Silo Admin Console, navigate to the Silo Portal configuration page.


Set the Silo Access Portal URL


Press Save
 
Silo Single Sign-On Configuration

From the Silo Admin Console navigate to the Single-Sign-On configuration page.


Enable SAML SSO


IdP Configuration Steps
  1. Copy and paste the displayed SP URLs to update your IdP.
  2. Download your X.509 .crt encryption certificate and install it on your IdP.
     
    Notes: 
    1. Please see your IdP's documentation for specific instructions for entering the required SP URLs. 
    2. Authentic8 offers additional configuration support for certain IdPs, which can be requested by contacting Support.


Silo (SP) Configuration Steps

  1. From your IdP, obtain the required URLs.
  2. Update Silo (SP) with the URLs.  
  3. Upload your X.509 .crt IdP signing certificate from your IdP.



Press Save


Modify the Native Client - Windows 7/8/10

The final step in configuring SAML is modifying the native client with the proper registry settings.
 
SAML Registry

Here are the required registry entries. Please note: the FEATURE_BROWSER_EMULATION value is 2710 decimal, not hex.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]
"a8cli.exe"=dword:00002710
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SSLUX]
"a8cli.exe"=dword:00000001
 
[HKEY_CURRENT_USER\SOFTWARE\Authentic8, Inc.\Authentic8]
"IEWebViewMode"=dword:00000002
"IEWebViewURL"="https://getsilo.com/sso/saml/client/<Silo Access Portal URL>"
@=""

Note: The IEWebViewMode settings are defined below. The setting for SAML authentication is 2.


Note: The Silo Access Portal URL is required to set IEWebViewURL. Please see the Silo Portal Configuration section above for instructions on how to set this URL.


IEWebViewMode Settings 
When making the SAML registry changes, set IEWebViewMode to the appropriate value.

Value   Authentication Method
0       Standard login (e.g., PIN or Deferred PIN)
1       A combined standard login and SAML option for testing.
2       SAML
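
The following PowerShell check is an added example, not Authentic8 code: it compares the signed-in user's registry with the SAML entries listed above and reports any value that is missing or different. The function names are hypothetical, dword data is read as hexadecimal as the .reg format defines it, and only the fixed prefix of IEWebViewURL is checked because the portal name is site-specific.

```powershell
# Added example, not Authentic8 code. Expected entries are the .reg lines from this page.
$expectedReg = @'
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]
"a8cli.exe"=dword:00002710
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SSLUX]
"a8cli.exe"=dword:00000001
[HKEY_CURRENT_USER\SOFTWARE\Authentic8, Inc.\Authentic8]
"IEWebViewMode"=dword:00000002
'@
$urlPrefix = 'https://getsilo.com/sso/saml/client/'   # fixed part of IEWebViewURL
# Hypothetical helper: turn .reg text into Path/Name/Value records.
function ConvertFrom-RegText {
    param([string]$Text)
    $path = $null
    foreach ($line in ($Text -split "`r?`n")) {
        if ($line -match '^\[HKEY_CURRENT_USER\\(.+)\]$') {
            $path = 'HKCU:\' + $Matches[1]
        } elseif ($path -and $line -match '^"(.+)"=dword:([0-9A-Fa-f]{8})$') {
            # The .reg format writes dword data as eight hexadecimal digits.
            [pscustomobject]@{ Path = $path; Name = $Matches[1]; Value = [Convert]::ToInt32($Matches[2], 16) }
        }
    }
}

# Hypothetical helper: compare the signed-in user's registry with the expected entries.
function Test-SiloSamlRegistry {
    foreach ($e in (ConvertFrom-RegText -Text $expectedReg)) {
        $item = Get-ItemProperty -LiteralPath $e.Path -Name $e.Name -ErrorAction SilentlyContinue
        $actual = if ($item) { $item.($e.Name) } else { $null }
        [pscustomobject]@{
            Setting  = '{0}\{1}' -f $e.Path, $e.Name
            Expected = '0x{0:X8}' -f $e.Value
            Actual   = if ($null -eq $actual) { '<missing>' } else { '0x{0:X8}' -f $actual }
            Ok       = ($actual -isnot [string]) -and ($actual -eq $e.Value)   # reject REG_SZ look-alikes
        }
    }
    # IEWebViewURL: HKCU is writable by any process running as the user, so flag an unexpected host.
    $a8 = 'HKCU:\SOFTWARE\Authentic8, Inc.\Authentic8'
    $item = Get-ItemProperty -LiteralPath $a8 -Name 'IEWebViewURL' -ErrorAction SilentlyContinue
    $url = if ($item) { [string]$item.IEWebViewURL } else { '' }
    [pscustomobject]@{
        Setting  = "$a8\IEWebViewURL"
        Expected = $urlPrefix + '<Silo Access Portal URL>'
        Actual   = if ($url) { $url } else { '<missing>' }
        Ok       = $url.StartsWith($urlPrefix, [StringComparison]::Ordinal) -and
                   $url.Length -gt $urlPrefix.Length -and $url -notmatch '[<>]'
    }
}
Test-SiloSamlRegistry | Format-Table -AutoSize -Wrap
```

Run it in the user's own session, since the entries live under HKEY_CURRENT_USER. An IEWebViewMode of 0 or 1 shows up as a mismatch against the SAML value of 2.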


Integrated Windows Authentication (IWA) Settings

Configure your Internet Options to allow secure communication between our client and your internal SSO server.


Here are the steps:

  1. Control Panel
  2. Internet Options
  3. Security
  4. Local intranet
  5. Sites
  6. Advanced
  7. Type https://yourserver.yourdomain.com then click Add



Additional Notes

Please contact Authentic8 Support if you have additional questions or concerns.