Application SSO Setup

The purpose of this section is to explain the setup instructions for Desktop-based, Browser-based, and Windows Login Application Single-Sign-On (SSO).

../../_images/sso-overview-image.png

For more information about the OmniDefend SSO Solution, visit OmniDefend SSO

Note

As a prerequisite to this section, please install the OmniDefend Client Bundle, the OmniDefend MFA Browser Extension, and the OmniDefend SSO Browser Extension. Also make sure that the user is already enrolled in OmniDefend MFA.


Legacy Desktop Applications

This documentation will demonstrate how to provision OmniDefend password-fill SSO onto a legacy desktop application.

1. Portal Login

To set up a desktop application with OmniDefend SSO, first log in to the portal as an admin. As you can see in the images below, the OmniDefend Client icon in the Windows system tray should change once login is successful.

Logged Out:

../../_images/system-tray-icon-logged-out.png

Vs. Logged In:

../../_images/system-tray-icon-logged-in.png

2. Application Launch

Next, launch the desktop application which you wish to provision in OmniDefend. For this documentation, we will use the example of Microsoft SQL Server Management Studio.

3. Run Wizard

After launching the application, right-click the OmniDefend system tray icon and left-click Run Wizard. See the image below:

../../_images/sql-launch-system-tray.png

4. Drag and Drop the Icon in the Password Wizard

After clicking Run Wizard, the Password Wizard for Desktop Applications will open. Locate and clear the data from the Server Name field in the wizard, and as you can see in the image below, drag and drop the icon onto the relevant field in the desktop application.

../../_images/drag-and-drop-server-name.png

5. Repeat Drag and Drop for the ``Authentication`` Field

We will repeat this process for the Authentication field in the wizard. First, select Windows Authentication within the relevant field in the application. Next, as seen in the image below, drag and drop the OmniDefend icon into the field.

../../_images/drag-and-drop-authentication.png

6. Repeat Drag and Drop for the ``Connect`` Button

We will repeat this process for the Connect button in the application. For clarity, see the image below:

../../_images/drag-and-drop-connect-button.png

7. Deselect ``Password`` field in the Password Wizard

Navigate to the bottom of the Detection Components section of the Password Wizard. Uncheck the box for the password field, as seen in the image below:

../../_images/wizard-password-uncheck.png

Left-click the Create button in the Password Wizard. As seen in the image below, a confirmation box will be presented.

../../_images/password-wizard-confirmation.png

8. Prompt the OmniDefend Authentication Pop-Up

Once the password wizard closes, click anywhere in the background of the dialog box of the application. The OmniDefend Pop-Up will appear and prompt for authentication, as seen in the image below:

../../_images/desktop-authentication-popup.png

Finish by logging into OmniDefend using the popup and the pre-provisioned MFA credentials.


Browser-Based Applications

This set of instructions will demonstrate how to provision OmniDefend password-fill SSO onto a browser-based application.

1. Login to OmniDefend

Log in to the OmniDefend Portal as an admin. After doing so, navigate to the browser application which you want to provision. For this documentation, we will use the example of imgur.com.

Caution

Before proceeding further, ensure that you are logged in to the OmniDefend extension agent as the same user by clicking on the SSO extension in the browser toolbar.

../../_images/browser-toolbar-sso.png

2. Navigate to Application Login Page

Navigate to the Sign In page of the browser application. The OmniDefend Save Credentials? popup will automatically appear and prompt for SSO setup, as seen in the image below:

../../_images/save-credential.png

3. Enter credentials BEFORE clicking ``Yes``

Be sure to enter the credentials in the username and password boxes BEFORE clicking Yes in the Save Credentials? box and BEFORE confirming sign-in to the application.

../../_images/before-save-credentials.png

4. Navigate to the Portal Launch Wizard

Log out and then log back into the OmniDefend portal. Navigate to Applications and select the relevant application (in this case Imgur). Left-click Actions, then left-click Launch Wizard.

../../_images/launch-wizard-sso.png

Tip

The SSO wizard on the portal allows you to edit the Vault Templates as well as configure different SSO features such as disabled username and password fields or random password generation.

../../_images/launch-wizard-detailed.png

5. Provision the application through the Portal

Navigate to Applications and select the relevant application (in this case Imgur). Left-click Actions, then left-click Provision...

../../_images/actions-provision.png

To finish, select one of the provisioning options for the application. The four options will appear the same as the image below:

../../_images/provision-options.png

Windows Login with Credential Provider

This set of instructions will demonstrate how to create a Windows Login application within OmniDefend and provision it to users accordingly.

1. Satisfy Prerequisites

Several prerequisites must be satisfied before setting up the Windows Login application.

  1. Ensure that the OmniDefend Credential Provider Client has been installed through either .exe or .msi files. For more info on where to find these files, please contact info@softexinc.com.

  2. Ensure that the provided registry files are edited and updated correctly.

    Note

    The OmniDefend Credential Provider requires OmniDefend server information to connect. Please edit the provided registry files (OmniDefend_CredProv_Setting.reg) and update the ServerUrl, ClientId and ClientSecret values in them. Then install the updated registry files on the client systems. You can push this .reg file to the respective user's machine via Group Policy.
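
A pre-deployment check for the edited OmniDefend_CredProv_Setting.reg, as an added example that is not part of the OmniDefend documentation or tooling. The registry key path in the sample is a placeholder, the sample values are constructed, and requiring an https:// ServerUrl is an assumption of this example rather than a documented product requirement.

```python
import re
from urllib.parse import urlparse

REQUIRED = ("ServerUrl", "ClientId", "ClientSecret")  # value names from the page

# Constructed sample; the key path is a placeholder, not the product's real key.
SAMPLE_REG = '''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\\SOFTWARE\\EXAMPLE-PLACEHOLDER\\CredProv]
"ServerUrl"="https://omnidefend.example.test"
"ClientId"="constructed-client-id"
"ClientSecret"="constructed-secret-value"
'''

def decode_reg(raw: bytes) -> str:
    """regedit exports are UTF-16 with a BOM; hand-edited files are often UTF-8."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16")
    return raw.decode("utf-8-sig")

def parse_string_values(text: str) -> dict:
    """Collect "Name"="value" pairs (REG_SZ only) from every key in the file."""
    values = {}
    for line in text.splitlines():
        m = re.match(r'^\s*"([^"]+)"\s*=\s*"(.*)"\s*$', line)
        if m:
            # .reg files escape backslash and double quote with a backslash
            values[m.group(1)] = re.sub(r'\\(.)', r'\1', m.group(2))
    return values

def check_reg(raw: bytes) -> list:
    """Return a list of problems; an empty list means the file passes."""
    values = parse_string_values(decode_reg(raw))
    problems = [f"{n} is missing or empty" for n in REQUIRED
                if not values.get(n, "").strip()]
    url = urlparse(values.get("ServerUrl", ""))
    # Assumption of this example: the server must be reached over TLS.
    if values.get("ServerUrl") and (url.scheme != "https" or not url.hostname):
        problems.append("ServerUrl is not an https:// URL with a host")
    return problems

if __name__ == "__main__":
    import sys
    data = (open(sys.argv[1], "rb").read() if len(sys.argv) > 1
            else SAMPLE_REG.encode("utf-16"))
    for p in check_reg(data) or ["OK"]:
        print(p)
```

The file holds ClientSecret in plain text, so limit read access to wherever it is staged for Group Policy distribution.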

2. Create a Windows Login application in the OD Portal

To enable OmniDefend Credential Provider, we must first create an application within the OmniDefend platform. Follow these steps to create the application for the Credential Provider, named WinLogon:

  1. Log in to the OmniDefend portal and navigate to Applications > Add Applications(s)

  2. Select the application type as Windows Login from the dropdown, as shown in the image below

    ../../_images/new-applications-winlogin.png

  3. Provide the necessary basic application information, including name, short name, and description. Optionally, update the ‘User Account Settings’ to configure the account lockout feature for failed attempts, adjust the ‘Desktop Login Settings’ as needed, and/or adjust the ‘MFA Policy’ for this application.

  4. Click Create to generate the application

3. Provision the Windows Login application

Navigate to Applications > Windows Login. Select the relevant Windows Login application, left-click Actions, then left-click Provision...

../../_images/windows-login-provision.png

To finish, select one of the provisioning options for the application. The four options will appear the same as the image below:

../../_images/windows-login-provision-options.png