We'd like to be able to log in to Prognosis WebUI (version 11.5) through SSO, without entering any login/passwords, just by automatically using Windows Domain credentials for the user that is accessing Prognosis WebUI URL, so that authentication is completely transparent for the users of Prognosis WebUI.
The company has an IdP already in place, that would be used to allow a SAML 2.0 integration with Prognosis WebUI. For example, it's already being used to authenticate CUCM administrators through Metadata files loaded in CUCM.
I have read the security chapter for Prognosis 11.5 installation, but it's not clear to me what steps are strictly necessary in this specific scenario in order to enable such an authentication method. I understand we don't need a local ADFS in our Prognosis server as we already have an external IdP. If I understood well, Prognosis does not need direct communication with the IdP, being the user's browser who connects to the IdP and Prognosis WebUI using redirections, so no firewall considerations between Prognosis and IdP. Please correct me if I'm wrong.
Additionally, is there a limitation in the flavour of the remote IdP server that our company uses or is it irrelevant as long as SAML 2.0 is being used?
Could you please help us to understand the general steps needed for our scenario?
Thanks in advance and best regards
Yes. Prognosis supports SSO which allows users to switch between Prognosis and various other tools and applications without the need for separate logons. It is covered in this location in the Online Help:
The way you have it set up with your CUCM Admin web app sounds similar to the way Prognosis supports SSO: Using a metadata file, an IdP and SAML 2.0.
Prognosis SSO, however, has been validated by testing and documented with an ADFS (and OpenAM).
For firewall considerations involving ADFS the Microsoft articles should provide more clarification like this one:
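Whether the browser-only redirect flow described in the question applies depends on which SAML 2.0 bindings the IdP and service provider actually use. As an added example (not from this thread or the Prognosis documentation), the following Python script reads an IdP metadata file and separates browser-carried endpoints from those that imply a direct server-to-server call; the sample metadata, its entityID and its URLs are constructed placeholders.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
BINDINGS = "urn:oasis:names:tc:SAML:2.0:bindings:"
# Bindings carried entirely by the user's browser (front channel).
FRONT_CHANNEL = {BINDINGS + "HTTP-Redirect", BINDINGS + "HTTP-POST"}
# Bindings that involve a direct SP-to-IdP call (artifact resolution over SOAP).
BACK_CHANNEL = {BINDINGS + "SOAP", BINDINGS + "HTTP-Artifact"}

# Constructed sample metadata; entityID and URLs are placeholders.
SAMPLE_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://idp.example.com/idp">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <ArtifactResolutionService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
        Location="https://idp.example.com/idp/artifact"/>
    <SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.com/idp/sso"/>
    <SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://idp.example.com/idp/sso"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""


def classify_idp_endpoints(metadata_xml):
    """Group IdP endpoints as 'front', 'back' or 'other' by their SAML binding."""
    # Parse only metadata obtained from your own IdP over a trusted channel.
    root = ET.fromstring(metadata_xml)
    result = {"front": [], "back": [], "other": []}
    for idp in root.iter("{%s}IDPSSODescriptor" % MD):
        for endpoint in idp:
            binding = endpoint.get("Binding")
            if binding is None:  # KeyDescriptor, NameIDFormat, ...
                continue
            service = endpoint.tag.split("}", 1)[1]
            channel = ("front" if binding in FRONT_CHANNEL
                       else "back" if binding in BACK_CHANNEL else "other")
            result[channel].append((service, endpoint.get("Location")))
    return result


if __name__ == "__main__":
    for channel, endpoints in classify_idp_endpoints(SAMPLE_METADATA).items():
        for service, location in endpoints:
            print(f"{channel:5} {service:26} {location}")
```

Endpoints listed under `back` are the ones to raise with the firewall team if the service provider is configured to use them; endpoints under `front` are reached only by the user's browser.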