Integrating ForgeRock SSO with Ekran System
To set up ForgeRock SSO (Single Sign-On) authentication so as to integrate it for use with the Ekran System Management Tool, do the following:
1. Log in to the Ekran System Management Tool as a user with administrator permissions.
2. Click the Configuration (.png?inst-v=afeb3508-7cdf-4f39-b336-a88afa1ec843)
3. On the Configuration page that opens, select the SSO Integration tab.
4. In the Issuer name field, specify the URL of your Management Tool, and upload the Identity provider metadata (xml) by using the Choose File button.
5. Optionally, select the Custom certificate option, and upload a custom certificate by using the Choose File button, and enter the Certificate password for it.
6. The Auto-create a Management Tool account for a new user on the first SSO login checkbox is selected by default, which automatically creates an internal / Active Directory user account in the Management Tool on a user's first login using SSO authentication if the user has not previously been added to the Management Tool, thereby enabling them to log in. This checkbox can be deselected, so that users who have not previously been added to the Management Tool are not added automatically, and are not therefore able to log in.
NOTE: Independently of whether this checkbox is selected or not, Active Directory users who have not been specifically added to the Management Tool as separate users, but who belong to an Active Directory group previously added, can log in (with a new Active Directory user account not created automatically if this checkbox is selected).
NOTE: SSO authentication is not currently implemented for use in Multi-Tenant mode.
7. Click then Save button.
8. Download the metadata by using the metadata URL.
9. Download the certificate by clicking the Download signing certificate link.
10. Import the downloaded certificate to the ForgeRock trusted store (see: https://backstage.forgerock.com/knowledge/kb/article/a94909995).
11. Open the ForgeRock AM Admin UI, and in the sidebar, click Applications > Federation > Entity Providers.
12. Create a new remote service, and then upload the metadata downloaded from the Management Tool.
13. For the new remote service, define the settings (as shown below).
14. SSO is then configured, and you can click Log In with SSO on the Management Tool Log In page.
