...

Single Sign-On (SSO) is an authentication method that can be used via a cloud-based identity provider (IdP) to access the local device and apps. This article describes the options used for configuring SSO in IGEL OS.

Info

See How to Configure Single Sign-On (SSO) on IGEL OS 12 for a detailed description of the entire SSO configuration process.

...

Menu path: Security > Logon > Single Sign-On

...

Single Sign-On with identity provider

Activated: SSO is used as the authentication method.

Info

To have a fallback option if something goes wrong with SSO, e.g. a network failure, it is recommended to additionally configure local login under Security > Logon > Local User. For more information, see Local User Login in IGEL OS 12.

Deactivated: SSO is not used. (Default)

Identity provider

The identity provider used for the SSO configuration.
Possible options:

  • Azure AD: Use Microsoft Entra ID as IdP

  • Okta

  • OpenID Connect

  • Ping Identity | PingOne

  • VMware Workspace ONE Access

Identity Provider Is Set to "Azure AD"

Azure AD Tenant Name/ID

The value you have obtained as Directory (tenant) ID in the Microsoft Entra ID Portal.

Application (client) ID

The value you have obtained as Application (client) ID in the Microsoft Entra ID Portal.

...

The client secret that was created in the Microsoft Entra ID Portal. 

Info

If the login method is configured and the Allow system logoff option is enabled under System > Power Options > Shutdown, the user can log off the device through the shutdown menu. For information on how to access the shutdown menu, see Commands Session in IGEL OS12. For information on how to configure the shutdown menu, see Shutdown Settings in IGEL OS 12.

Identity Provider Is Set to "Okta"

Okta URL

The URL of the Okta identity provider.

...

This is a value created by the identity provider. The value can be copied from the Identity Provider Admin Console.
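
The values the Azure AD and Okta sections above ask for are copied by hand from the IdP's admin console, so a format check before entering them catches the usual copy-and-paste mistakes. The following is an added example, not part of the IGEL documentation or of IGEL OS; the function names and sample values are constructed, and the checks cover format only, not whether the IdP accepts the values.

```python
import re
from urllib.parse import urlsplit

GUID = re.compile(r"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")
DOMAIN = re.compile(r"(?:[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}")

def check_entra_values(tenant, client_id, client_secret):
    """Return a list of problems in the three Entra ID values (empty list = OK)."""
    fields = {"tenant": tenant, "client ID": client_id, "client secret": client_secret}
    problems = [f"{name}: leading/trailing whitespace from copy and paste"
                for name, value in fields.items() if value != value.strip()]
    tenant, client_id, client_secret = (v.strip() for v in fields.values())
    if not (GUID.fullmatch(tenant) or DOMAIN.fullmatch(tenant)):
        problems.append("tenant: neither a Directory (tenant) ID nor a tenant domain name")
    if not GUID.fullmatch(client_id):
        problems.append("client ID: not in the GUID form of an Application (client) ID")
    elif client_id.lower() == tenant.lower():
        problems.append("client ID: same value as the tenant ID")
    if not client_secret:
        problems.append("client secret: empty")
    elif GUID.fullmatch(client_secret):
        # The portal lists a GUID "Secret ID" next to the secret "Value".
        problems.append("client secret: GUID-shaped, probably the Secret ID, not the Value")
    return problems

def check_okta_url(url):
    """Return a list of problems in the Okta URL (empty list = OK)."""
    parts = urlsplit(url.strip())
    problems = []
    if parts.scheme != "https":
        problems.append("Okta URL: scheme must be https")
    if not parts.hostname:
        problems.append("Okta URL: no host name")
    if parts.username or parts.password:
        problems.append("Okta URL: must not embed credentials")
    if parts.query or parts.fragment:
        problems.append("Okta URL: query string or fragment is not part of the URL")
    return problems

def entra_discovery_url(tenant):
    """OpenID Connect discovery document that Entra ID publishes for a tenant."""
    return f"https://login.microsoftonline.com/{tenant.strip()}/v2.0/.well-known/openid-configuration"

# Constructed sample values; none belongs to a real tenant.
SAMPLE_TENANT = "11111111-2222-3333-4444-555555555555"
SAMPLE_CLIENT = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"

if __name__ == "__main__":
    print(check_entra_values(SAMPLE_TENANT, SAMPLE_CLIENT + " ", "99999999-8888-7777-6666-555555555555"))
    print(check_okta_url("http://example.okta.com"))
    print(entra_discovery_url(SAMPLE_TENANT))
```

Fetching the discovery URL from an admin workstation confirms that the tenant value resolves before the settings are rolled out to endpoints.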

Identity Provider Is Set to "OpenID Connect"

This option can be used for various identity providers that support OpenID Connect.

...

As an alternative to the interactive desktop login, predefined user credentials can automatically be provided to the IdP on startup. The credentials are stored securely on the endpoint device.

Info

  • In this version of IGEL OS, only login via username and password is supported; multi-factor authentication (MFA) is not supported.

  • Please be aware that after the automatic desktop login, a fully unlocked desktop session will run on your endpoint device. This feature should only be used for use cases where no interactive login is possible. It is good practice to restrict this user's access to only the relevant components and data that are necessary for the specific use case.

Automatic login is available for the following IdPs:

  • Okta

  • Microsoft Entra ID (formerly known as Microsoft Azure AD)

  • Ping Identity | PingOne

  • VMware Workspace ONE Access

Automatically perform login

Activated: After startup, the endpoint device performs the login automatically using the Username for autologin and the Password for autologin.

...