Introduction
Silo can be configured to authenticate with two independent IdP endpoints. While this configuration is atypical, it allows two distinct groups of end users to participate in your organization’s Silo implementation.
Technical Details
Silo is compatible with most SAML 2.0 platforms, with some exceptions.
We have verified compatibility with the following IdP solutions:
- Azure Active Directory
- Duo
- F5 BIG-IP
- Microsoft ADFS
- Okta
- OneLogin
- PingIdentity
- SecureAuth
- GSuite
Prerequisites
- Two SAML 2.0 compatible Identity Providers
- Silo Access Portal must be enabled
- For Windows installations, enabling Integrated Windows Authentication (IWA) is optional.
- TLS 1.2 security protocol
Important: Effective March 30, 2020, Authentic8 products only support TLS 1.2 connections, and no longer support TLS 1.1. If you are using one of our Installed Clients, please ensure the client version exceeds the minimum requirement to support TLS 1.2. Any in-line network infrastructure connecting to our servers must also be configured to permit the use of TLS 1.2.
Configuration
The key to a successful deployment is properly configuring the Vanity URL value of each sub-org.
Silo Portal Configuration
- From the Silo Admin Console, navigate to the Users and Orgs section
- Click the Manage button
- Select your ORG and click the Edit Orgs button
- Select the [+] symbol to create a Sub Org
- Enter a unique value in the Vanity URL field
- Click Save
- Repeat these steps to create a second Sub Org
Important: The top-level Organization must not have a Vanity URL value defined.
Best Practice: Authentic8 recommends that vanity URL values be defined with sufficient complexity to discourage enumeration attempts by malicious actors.
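One way to apply the best practice above before saving a value, shown as an added example that is not Authentic8 code. It assumes vanity values accept lowercase letters and digits and uses a 64-bit review threshold; the function names, the threshold and the term list are hypothetical, so confirm the accepted character set and length in the Silo Admin Console.

```python
import math
import secrets
import string

# Assumptions (not from Authentic8): vanity values accept lowercase letters and
# digits, and 64 bits is the review threshold. Adjust both to your environment.
ALPHABET = string.ascii_lowercase + string.digits
MIN_BITS = 64


def review_vanity(value, guessable_terms=()):
    """Return the reasons a vanity value is easy to enumerate (empty list = OK)."""
    lowered = value.lower()
    findings = [f"contains guessable term '{t}'"
                for t in guessable_terms if t and t.lower() in lowered]
    # Upper bound on entropy: length * log2(size of the character pool in use).
    pool = 26 * any(c.isalpha() for c in lowered) + 10 * any(c.isdigit() for c in lowered)
    pool += len({c for c in lowered if not c.isalnum()})
    bits = len(lowered) * math.log2(max(pool, 1))
    if bits < MIN_BITS:
        findings.append(f"at most {bits:.0f} bits of entropy, below {MIN_BITS}")
    # Long but repetitive values ("aaaa...") pass the bound above; catch them here.
    if len(set(lowered)) < len(lowered) / 2:
        findings.append("fewer than half of the characters are distinct")
    return findings


def generate_vanity(guessable_terms=(), length=16):
    """Draw values from the OS CSPRNG until one passes review_vanity()."""
    if length * math.log2(len(ALPHABET)) < MIN_BITS:
        raise ValueError("length too short to reach MIN_BITS with ALPHABET")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not review_vanity(candidate, guessable_terms):
            return candidate


if __name__ == "__main__":
    # Constructed sample values; "acme" stands in for the organization name.
    terms = ["acme", "okta", "gsuite"]
    for value in ["acme-okta", "okta2020", "aaaaaaaaaaaaaaaaaaaa", generate_vanity(terms)]:
        print(value, "->", review_vanity(value, terms) or "OK")
```

Pass the organization name, sub-org names and IdP names as the guessable terms so that values derived from them are rejected.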
Examples of Sub-orgs with Vanity URLs
Sub-org 1
Sub-org 2
In the examples above, sub-org: GS was configured to use GSuite as the IdP, while sub-org: OA was configured to use Okta. Build out a directory structure under GS to maintain IdP accounts within GSuite. Likewise, build out a directory structure under OA for accounts provisioned within Okta.
Example
At this point, you are ready to configure your SAML SSO settings in both the Silo Admin Console and IdP Management studio. Kindly refer to the appropriate IdP configuration guideline in the following article: https://support.authentic8.com/support/solutions/articles/16000035031-saml-sso-for-silo-access
Please contact Support for any questions.