CoIP Platform lets you configure several mechanisms for authenticating end users (CoIP Launcher):
SAML2.0 Identity Providers
LDAP-based Directory Services
OAuth 2.0 / OpenID Connect
Local user database
External Identity Providers are used for user authentication only; authorization is based on User Roles and Access Policies that are configured by the administrator.
Configuring the Identity Provider
From the left-hand navigation menu, open the Settings menu and select "Manage Identity Services". This brings up the identity services management page:
The four options are:
System (Directory Services) – local database, with usernames and passwords stored on the zCenter service portal
Customized Directory Services – delegates user authentication to external directory services (LDAP/Active Directory)
Customized SAML 2.0 – delegates user authentication to an external identity provider using SAML 2.0
Customized OAuth 2.0/OpenID Connect – delegates user authentication to an external identity provider using OAuth 2.0 or OpenID Connect
To use external multi-factor authentication, please select either the SAML 2.0 or OAuth 2.0 options.
Directory Services - LDAP / Active Directory
The Directory Services tab lets you add directory services as needed by clicking the Create Directory Service button. The Create Directory Service page holds the information required to connect zCenter to your authorized LDAP or AD server.
Once you have configured the directory service, click Test to validate the settings. A positive result indicates that zCenter can talk to the LDAP / AD server. As in the example shown below, the service port is usually 636 when Enable SSL is checked, and 389 when SSL is not enabled.
Create Directory Service
Saving this configuration lists the new service.
Directory Services Table
zCenter supports multiple Corporate Directory services. They can all be configured and listed in the table. Use the up and down arrows to change their precedence, then click the Save Precedence button to commit your changes to the system. You can edit a service later with the Edit link in the list.
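Before entering a directory service in zCenter, the port and SSL pairing described above can be checked, and the LDAPS certificate validated, from an administrator workstation. The following is an added example, not part of the CoIP Platform or its documentation; the function names and the host `ldap.example.com` are hypothetical, and the local trust store is assumed to match the one zCenter uses.

```python
import socket
import ssl
from datetime import datetime, timezone

LDAP_PORT, LDAPS_PORT = 389, 636  # conventional ports named on the page


def review_settings(port, enable_ssl):
    """Findings for one directory-service entry (hypothetical helper)."""
    findings = []
    if not enable_ssl:
        findings.append("no TLS: an LDAP simple bind sends the password in cleartext")
    if enable_ssl and port == LDAP_PORT:
        findings.append("SSL enabled but port is 389; LDAPS normally listens on 636")
    if not enable_ssl and port == LDAPS_PORT:
        findings.append("SSL disabled but port is 636; a TLS listener will not accept plaintext")
    return findings


def days_left(not_after, now=None):
    """Whole days until a certificate's notAfter (getpeercert() date format)."""
    now = now or datetime.now(timezone.utc)
    expiry = datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after), timezone.utc)
    return (expiry - now).days


def probe_ldaps(host, port=LDAPS_PORT, timeout=5.0):
    """Handshake with chain and host-name verification against the local
    trust store. Raises ssl.SSLCertVerificationError if the certificate is
    untrusted, expired, or issued for another name."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()
            return {"tls_version": tls.version(),
                    "subject": dict(rdn[0] for rdn in cert["subject"]),
                    "days_left": days_left(cert["notAfter"])}


if __name__ == "__main__":
    # Constructed sample entries: (port, Enable SSL)
    for port, enable_ssl in [(636, True), (389, False), (389, True)]:
        print(port, enable_ssl, review_settings(port, enable_ssl) or "ok")
    # probe_ldaps("ldap.example.com")  # placeholder host; needs network access
```

A certificate error from `probe_ldaps` is worth resolving before relying on the Test button, since a successful Test only shows that zCenter can reach the server.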
The SAML 2.0 tab allows you to configure an Identity Provider by clicking the New Identity Provider button.
Create Identity Provider
Once you enter the information for the Identity Provider, click Save to list the IdP in the SAML 2.0 table as shown below.
To ensure the trust relationship between zCenter as a Service Provider and the IdP, you will need to provide the Service Provider information to the IdP administrator by clicking the “View Service Provider Info” button and collecting the needed information as shown below.
View Service Provider Information