Introduction

Silo can be configured to authenticate against two independent IdP configurations. This setup is atypical, but it allows two distinct groups of users to participate in your organization’s Silo implementation.


Technical Details

Authentic8 Silo will work with most SAML 2.0 platforms with a few exceptions.

We have verified compatibility with the following IdPs:

  • Azure Active Directory
  • Duo
  • F5 BIG-IP
  • Microsoft A
  • Okta
  • Onelogin
  • PingIdentity
  • SecureAuth
  • GSuite



Prerequisites

Two working, compatible SAML 2.0 IdPs

  • Silo Access Portal must be enabled.
  • The installation of the native client, version 2.9.12 or later.
  • For Windows installations, enabling Integrated Windows Authentication (IWA) is optional.
  • TLS 1.2 security protocol


Notes: Effective March 30, 2020, our products only support TLS 1.2 connections and no longer support TLS 1.1. If you use one of our native applications, please ensure their version exceeds the minimum required to support TLS 1.2 and that any in-line network infrastructure that connects to our servers has been configured to use or permit the use of TLS 1.2.

 

Configuration

The key to a successful deployment is the correct configuration of the Vanity URLs and the Sub Orgs they are assigned to.

 

Silo Portal Configuration

From the Silo Admin Console, navigate to the Users and Orgs section:

  1. Click the Manage button
  2. Select your ORG and click the Edit Orgs button
  3. Select the “+” symbol to create a Sub Org. Name it
  4. Enter the Vanity URL*
  5. Click Save
  6. Repeat these steps to create a second Sub Org



Note: Your Top-Level Organization must not have a Vanity URL setting defined.


Image_0


Examples of Sub Orgs with Vanity URLs


Image_2


Sub Organization 1



Image_1


Sub Organization 2


Build out your directory under these two sub orgs.  In the examples above, Sub Org GS was configured to use GSuite as an IdP.  Sub Org OA was configured to use Okta as an IdP.   Build out a directory structure under GS to maintain the users whose IdP accounts are within GSuite.  Likewise, build out a directory structure under OA for users whose accounts are stored within Okta.


Example

Image_3


At this point, you are ready to configure your SAML settings in both your Admin Console and IdP Management Studios. Please refer to the appropriate cheat sheet for your IdP setups. You may also want to review the following document on SSO configuration. Pay special attention to the Windows Registry settings section.

 

*Note on Vanity URL Assignment: As a security best practice, Authentic8 recommends that vanity URLs be assigned with sufficient complexity to discourage enumeration attempts by malicious actors.
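
One way to act on the vanity URL note above, as an added example that is not Authentic8 code: generate a label from a cryptographic random source and review proposed labels for guessable content. The allowed character set (lowercase letters and digits), the 64-bit threshold, and the sample terms are assumptions made for illustration; the page does not state the permitted format or a required length.

```python
import math
import secrets
import string

# Assumption (not from the page): labels use lowercase letters and digits.
ALPHABET = string.ascii_lowercase + string.digits
MIN_BITS = 64  # illustrative threshold, not an Authentic8 requirement


def entropy_bits(length):
    """Upper bound on entropy: every character drawn uniformly from ALPHABET."""
    return length * math.log2(len(ALPHABET))


def generate_label(min_bits=MIN_BITS):
    """Build a label from the OS CSPRNG with at least min_bits of entropy."""
    length = math.ceil(min_bits / math.log2(len(ALPHABET)))
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def review_label(label, guessable_terms, min_bits=MIN_BITS):
    """Return the reasons a proposed label is easy to enumerate ([] if none)."""
    findings = []
    lowered = label.lower()
    if any(ch not in ALPHABET for ch in lowered):
        findings.append("uses characters outside the assumed alphabet")
    for term in guessable_terms:
        if term.lower() in lowered:
            findings.append(f"contains guessable term: {term}")
    # Length check is optimistic: it treats every character as random.
    if entropy_bits(len(lowered)) < min_bits:
        findings.append("too short even if fully random")
    return findings


if __name__ == "__main__":
    # Constructed sample terms: a company name and the IdP names in use.
    terms = ["examplecorp", "okta", "gsuite"]
    for candidate in ["okta", "examplecorp-gsuite", generate_label()]:
        print(candidate, review_label(candidate, terms) or "ok")
```

Pass your own organization, Sub Org and IdP names as `guessable_terms` when reviewing a label before entering it in the Vanity URL field.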

 

https://support.authentic8.com/support/solutions/articles/16000035031-saml-sso-for-silo-access 

                      

Additional Notes  

Please contact Support if you have any additional questions and/or require further information.