Global Settings: Console Settings

Use the Authentication Options pane to select the method SOTI Connect uses to authenticate and authorize users.

SOTI Connect

With this option, SOTI Connect authenticates and authorizes users with their web console credentials.

Note: SOTI Connect only supports security groups associated with Active Directory groups from OneLogin. Groups created within OneLogin are not supported.

Identity Provider

With this option, SOTI Connect uses IDP credentials to authenticate and authorize users. SOTI Connect administrators can create groups when using the selected IDP authentication, but cannot assign users directly to that group. When users log in, they are matched to the group by name and added.

Name The name of the identity provider
IDP Entity ID The issuer URL from the provider page.
IDP URL The SAML 2.0 endpoint (HTTP) from the provider page.
Logout URL The SLO endpoint (HTTP) from the provider page.
Certificate The X.509 PEM certificate, obtained from the provider page. To obtain the certificate, on the page, under X.509 Certificate, click View Details. Select X.509 PEM and click Download.
Important: When you are entering information into OneLogin, note that the Audience value is case sensitive, and must match the EntityId used by SOTI Connect exactly.
Important: For non-SOTI Identity providers such as OneLogin, the Auto Create Groups (if enabled) parses all the groups out of the SAML message (that is, IDP login), adds these groups to SOTI Connect as groups, and then assigns them to the user. Thus, making them Active Directory groups.

If the Auto Create Groups option is disabled, create the required group(s) in SOTI Connect in advance, which is mapped to the user logging in. If a pre-created group(s) does not match what comes from the SAML, then such groups are not assigned to the user.

SOTI Identity

With this option, SOTI Identity authenticates and authorizes users.

SOTI Identity Enter the web address of your SOTI Identity installation.
Client ID Enter your SOTI Identity client ID.
Client Secret Enter your SOTI Identity client secret.
Note: If you log in to SOTI Connect using an external identity provider (SOTI Identity, OneLogin, and so on), but your instance of SOTI Connect has the SOTI Identity connection disabled, then an error appears prompting to log in using a local account.