Introduction
Silo can be configured to authenticate with two independent IdP endpoints. While this configuration is atypical, Silo will allow for two distinct groups of end-users to participate in your organization’s Silo implementation
Technical Details
Silo is universally compatible with most SAML 2.0 platforms with some exceptions
We have verified compatibility with the following IdP solutions:
- Azure Active Directory
- Duo
- F5 BIG-IP
- Microsoft ADFS
- Okta
- OneLogin
- PingFederate
- PingOne Cloud
- SecureAuth
- GSuite
Prerequisites
Two SAML 2.0 compatible Identity Providers
- Silo Access Portal must be enabled
- For Windows installations, enabling Integrated Windows Authentication (IWA) is optional.
- TLS 1.2 security protocol
Important: Effective March 30, 2020, Authentic8 will only support TLS 1.2 connections, and will cease to accept TLS 1.1 connection requests. Any in-line network infrastructure connecting to our servers must also be configured to permit the use of the TLS 1.2 secure protocol
Configuration
The key to a successful deployment is a proper configuration of the Vanity URL values for the respective sub-orgs they are assigned to.
Silo Portal Configuration
From the Silo Admin Console, navigate to the Users and Orgs section
- Click the Manage button
- Select your ORG and click the Edit Orgs button
- Select the [+] symbol to create a Sub Org
- Enter a unique value in the Vanity URL field
- Click Save
- Repeat these steps to create a second Sub Org
Important: The utmost Top-level Organization must not have a Vanity URL value defined
Best Practice: Authentic8 recommends that the vanity URL values are defined with sufficient complexity as to discourage enumeration attempts by malicious actors
Examples of Sub-orgs with Vanity URLs
Sub-org 1
Sub-org 2
In the examples above, sub-org: GS was configured to use GSuite as the IdP, while sub-org: OA was configured to use Okta. Build out a directory structure under GS to maintain IdP accounts within GSuite. Likewise, build out a directory structure under OA for accounts provisioned within Okta
Example
At this point, you are ready to configure your SAML SSO settings in both the Silo Admin Console and IdP Management studio. Kindly refer to the appropriate IdP configuration guideline in the following guideline: https://support.authentic8.com/support/solutions/articles/16000035031-saml-sso-for-silo-access
Please contact Support for for any additional questions