Data360 Govern is compliant with any SAML2 federated identity server, such as Active Directory Federation Services.
The following settings should be used when setting Data360 Govern up as a relying party, where <Client_environment> should be replaced with the correct path to your Data360 Govern environment:
Setting | Value |
---|---|
Issuer ID (App ID) | https://data3sixty.com/ui |
From URL | https://<Client_environment>.data3sixty.com/sso/acs |
Target URL | https://<Client_environment>.data3sixty.com/sso/acs |
To configure Active Directory, you must provide Infogix support with the following information:
Required information | Description |
---|---|
IdP SSO endpoint | A publicly accessible login URL. |
IdP SLO endpoint | A publicly accessible logoff URL, if different from above. |
Expected hash algorithm | For example, SHA1, SHA256 or SHA512. |
Sign SAML assertion | Y/N |
Sign SAML message | Y/N |
Encrypt SAML message | Y/N |
Public certificate | If you have provided an encrypted SAML message, please also provide a .CER file to encrypt the message with. |
Expected claims | |
Enabling SSO
You can enable SSO on all Data360 Govern environments by using the same configurations within Active Directory Federation Services.
- Specify the relying party identifier, for example https://data3sixty.com/ui
- Select the Endpoints tab, then specify all Data360 Govern environments as your Assertion Consumer Endpoints.
Securing SSO authentication
- Open Active Directory Federation Services Management Center.
- Expand Trust Relationships.
- Select Relying Party Trusts.
- Right-click the required trust, then click Edit Claim Rules.
- Select the Issuance Authorization Rules tab, then delete the default Permit Access To All Users rule.
- Click Add Rule, then select Permit or Deny Users Based on an Incoming Claim.
- For the Incoming claim type, select Group SID.
- Click Browse next to the Incoming claim value field and select the required group.
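The same restriction can be scripted with the AD FS PowerShell module. This is an added example, not part of the Data360 Govern documentation: the trust name `Data360 Govern` and group name `Data360-Govern-Users` are placeholders, and it assumes an AD FS version that exposes issuance authorization rules as in the steps above, run in an elevated session on the AD FS server with the ActiveDirectory module available.

```powershell
Import-Module ADFS
Import-Module ActiveDirectory

# Assumptions: replace with the display name of your relying party trust
# and the AD group whose members may sign in to Data360 Govern.
$trustName = 'Data360 Govern'
$groupName = 'Data360-Govern-Users'

$trust = Get-AdfsRelyingPartyTrust -Name $trustName
if (-not $trust) { throw "Relying party trust '$trustName' not found." }

# Resolve the group to its SID; the rule matches on the Group SID claim.
$sid = (Get-ADGroup -Identity $groupName).SID.Value

# Keep a copy of the current rules so the change can be rolled back.
$trust.IssuanceAuthorizationRules |
    Set-Content -Path ".\authz-rules-backup-$(Get-Date -Format yyyyMMddHHmmss).txt"

# Replaces the whole authorization rule set, which removes the default
# "Permit Access To All Users" rule and permits only holders of the group SID.
$rule = @"
@RuleName = "Permit $groupName only"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid", Value == "$sid"]
 => issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "PermitUsersWithClaim");
"@

Set-AdfsRelyingPartyTrust -TargetName $trustName -IssuanceAuthorizationRules $rule

# Verify: the permit-all template must be gone and the group SID must be present.
$after = (Get-AdfsRelyingPartyTrust -Name $trustName).IssuanceAuthorizationRules
if ($after -match 'AllowAllAuthzRule' -or $after -match 'Value\s*=\s*"true"') {
    throw 'A permit-all authorization rule is still present on the trust.'
}
if ($after -notmatch [regex]::Escape($sid)) {
    throw 'The group SID rule was not applied.'
}
Write-Output "Access to '$trustName' is now limited to members of '$groupName' ($sid)."
```

After the change, confirm that a user outside the group is denied at sign-in and that a group member can still reach Data360 Govern.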