Configuring Active Directory - Data360_Govern - Preview

Data360 Govern Help

Product type: Software
Portfolio: Verify
Product family: Data360
Product: Precisely Data Integrity Suite > Govern; Data360 Govern
Version: Preview
Language: English
Copyright: 2024
First publish date: 2014

Data360 Govern is compliant with any SAML2 federated identity server, such as Active Directory Federation Services.

The following settings should be used when setting Data360 Govern up as a relying party, where <Client_environment> should be replaced with the correct path to your Data360 Govern environment:

  • Issuer ID (App ID): https://data3sixty.com/ui
  • From URL: https://<Client_environment>.data3sixty.com/sso/acs
  • Target URL: https://<Client_environment>.data3sixty.com/sso/acs

To configure Active Directory, you must provide Infogix support with the following information:

  • Idp SSO endpoint: A publicly accessible login URL.
  • Idp SLO endpoint: A publicly accessible logoff URL, if different from above.
  • Expected hash algorithm: For example SHA1, SHA256 or SHA512.
  • Sign SAML assertion: Y/N
  • Sign SAML message: Y/N
  • Encrypt SAML message: Y/N
  • Public certificate: If the SAML message is encrypted, also provide a .CER file to encrypt the message with.
Expected claims

Each expected claim is listed below with its Active Directory property.

Username, for example:

  • username
  • http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name

Active Directory property: Email addresses

First name, for example:

  • first
  • firstname
  • http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname

Active Directory property: Given name

Last name, for example:

  • last
  • lastname
  • http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname

Active Directory property: Surname

Group:

  • http://schemas.microsoft.com/ws/2008/06/identity/claims/groups

Active Directory property: Group name

Enabling SSO

You can enable SSO on all Data360 Govern environments by using the same configurations within Active Directory Federation Services.

  1. Specify the relying party identifier, for example https://data3sixty.com/ui
  2. Select the Endpoints tab, then specify all Data360 Govern environments as your Assertion Consumer Endpoints.

Securing SSO authentication

  1. Open Active Directory Federation Services Management Center.
  2. Expand Trust Relationships.
  3. Select Relying Party Trusts.
  4. Right-click the required trust, then click Edit Claim Rules.
  5. Select the Issuance Authorization Rules tab, then delete the default Permit Access To All Users rule.
  6. Click Add Rule, then select Permit or Deny Users Based on an Incoming Claim.
  7. For the Incoming claim type, select Group SID.
  8. Click Browse next to the Incoming claim value field and select the required group.

Tip: Ensure that you have granted access to Data360 Govern to all SSO users. If a user has not been granted access to Data360 Govern, they may receive a "Bad Request" message when logging in via SSO.

Note: If you want to synchronize groups with Active Directory, you need to set up your Active Directory SSO configuration to send the group claim using http://schemas.microsoft.com/ws/2008/06/identity/claims/groups.
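
The Securing SSO authentication steps above can also be scripted and verified with the AD FS PowerShell cmdlets. The following is an added example, not part of the Data360 Govern documentation. The trust display name and group name are hypothetical placeholders, and it assumes the trust uses claim-rule-based issuance authorization as in the steps above, run from an elevated session on the AD FS server.

```powershell
#Requires -Modules ADFS, ActiveDirectory

# Hypothetical placeholders: substitute your own trust display name and AD group.
$trustName = 'Data360 Govern'
$groupName = 'Data360-Govern-Users'

# Resolve the group's SID, the value the Browse button fills in (step 8).
$sid = (Get-ADGroup -Identity $groupName).SID.Value

# Save the current authorization rules so the change can be rolled back.
$trust = Get-AdfsRelyingPartyTrust -Name $trustName
if (-not $trust) { throw "Relying party trust '$trustName' not found." }
$backup = Join-Path $PWD 'data360-authz-rules.bak.txt'
$trust.IssuanceAuthorizationRules | Set-Content -Path $backup

# Single rule: issue the permit claim only when the token carries the Group SID.
# Replacing the whole rule set also removes the default
# "Permit Access To All Users" rule (step 5).
$rules = @"
@RuleName = "Permit $groupName"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid", Value == "$sid"]
 => issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "PermitUsersWithClaim");
"@
Set-AdfsRelyingPartyTrust -TargetName $trustName -IssuanceAuthorizationRules $rules

# Verify: the permit-all template is gone and the group SID condition is present.
$after = (Get-AdfsRelyingPartyTrust -Name $trustName).IssuanceAuthorizationRules
if ($after -match 'AllowAllAuthzRule' -or $after -notmatch [regex]::Escape($sid)) {
    throw "Authorization rules on '$trustName' are not as expected; see $backup."
}
$after
```

Users outside the group are then refused by AD FS before any assertion is issued to Data360 Govern. To roll back, pass the contents of the backup file to the same Set-AdfsRelyingPartyTrust parameter.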