Zentera CoIP Access Platform supports multiple user authentication mechanisms:
- SAML2.0 Identity Providers
- LDAP-based Directory Services
- zCenter locally configured users
Independent configuration options are available for each type of user and authentication location:
- Admin Portal - Service Admins
- Admin Portal - Customer Admins
- CoIP Launcher Users - End users within the scope of individual Customers (tenants)
Please note that external Identity Providers are used by the CoIP Access Platform for authentication only, not for resource authorization. Roles and permissions are managed on the zCenter portal.
There are two management pages in the zCenter to configure the Identity Providers.
First, for the system service, go to zCenter’s Advancement Management menu > Advanced Management > Service Management > Identity Services. This configuration is used by Service Admins logging into the zCenter Admin Portal, and it can also be referenced by the configuration of individual Customers (tenants).
Second, for a specific customer IdP configuration, go to zCenter’s Advancement Management menu > Portal Management > Customers and click Manage Identity Services in the Action column for that customer. If the Customer is to use the IdP service configured for the system, select System (Directory Services), which is the default setting. Otherwise, choose Customized Directory Services or Customized SAML 2.0 from the drop-down list.
Within each of the above management pages, the Identity Services can be applied to either the Portal login or the CoIP Launcher login. To configure them for Admin accounts, make sure the “Admin Account” tab is selected, as shown below. Then configure Directory Services and/or SAML 2.0 by selecting the corresponding option in the “Authentication method for external Service Admin accounts” drop-down list. The same principle applies to the CoIP Access User Account.
Directory Services - LDAP / Active Directory
The Directory Services tab allows you to configure access to different services as needed by clicking on the Create Directory Service button. The Create Directory Service page contains the required information to connect zCenter to your authorized LDAP or AD.
Once you have configured the directory service, click Test to validate these settings. A positive result indicates that zCenter can talk to the LDAP / AD server.
Create Directory Service
Saving this configuration lists the new service.
Directory Services Table
zCenter supports multiple corporate Directory Services. They can all be configured and listed in the table. Use the up and down arrows to change precedence, and click Save Precedence to commit the new order to the system. A service can be edited later with the Edit link in the list.
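The two points above worth making concrete are the precedence order of multiple directory services and the authentication-only role of external identity sources (roles live on zCenter). The following is an added illustrative model, not Zentera code: the directory services are in-memory stand-ins rather than LDAP/AD connections, all user names, passwords and roles are constructed, and it assumes that precedence means directories are consulted in table order and the first directory that knows the user decides (a rejection there does not fall through to the next one).

```python
"""Toy model of precedence-ordered directory authentication followed by local
role authorization. Added example, not Zentera code; every directory, user,
password and role below is constructed."""
import hmac
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class DirectoryService:
    """One configured directory service (in-memory stand-in for an LDAP/AD server)."""
    name: str
    users: Dict[str, str]  # username -> password; plain text only because this is a toy

    def authenticate(self, username: str, password: str) -> Optional[bool]:
        """True/False when this directory knows the user, None when it does not."""
        stored = self.users.get(username)
        if stored is None:
            return None
        return hmac.compare_digest(stored.encode(), password.encode())


# Constructed directory contents. "bob" exists in both with different passwords.
CORP_LDAP = DirectoryService("corp-ldap", {"alice": "alice-pw", "bob": "bob-corp-pw"})
LAB_AD = DirectoryService("lab-ad", {"bob": "bob-lab-pw", "carol": "carol-pw"})

# Precedence order, as it would appear top-to-bottom in the Directory Services table.
SERVICES: List[DirectoryService] = [CORP_LDAP, LAB_AD]

# Roles are kept locally (the zCenter side), never taken from the external directory.
LOCAL_ROLES: Dict[str, str] = {"alice": "customer_admin", "bob": "service_admin"}


def authenticate_in_precedence(services: List[DirectoryService], username: str,
                               password: str) -> Optional[str]:
    """Consult directories in precedence order; return the name of the directory
    that accepted the credentials, or None. Assumption: the first directory that
    knows the user decides, so a rejection there does not fall through."""
    for svc in services:
        verdict = svc.authenticate(username, password)
        if verdict is None:
            continue  # unknown here, try the next service
        return svc.name if verdict else None
    return None  # unknown to every configured directory


def login(services: List[DirectoryService], username: str, password: str,
          claimed_role: Optional[str] = None) -> Optional[Tuple[str, str]]:
    """Full login: external authentication, then local authorization.
    `claimed_role` stands for a role/group attribute supplied by the external
    directory or IdP; it is deliberately ignored because roles are managed locally."""
    source = authenticate_in_precedence(services, username, password)
    if source is None:
        return None
    role = LOCAL_ROLES.get(username)
    if role is None:
        return None  # authenticated, but not provisioned locally: no access
    return source, role


if __name__ == "__main__":
    print(login(SERVICES, "alice", "alice-pw"))                   # ('corp-ldap', 'customer_admin')
    print(login(SERVICES, "bob", "bob-lab-pw"))                   # None: corp-ldap answers first and rejects
    print(login(SERVICES, "carol", "carol-pw", "service_admin"))  # None: no local role, claim ignored
```

Reversing the order of `SERVICES` makes the lab directory answer for "bob" instead, which is exactly the effect of moving a row with the up/down arrows; the model also shows why a user who can authenticate against a directory still gets nothing until a role has been assigned on the portal.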
The SAML 2.0 tab allows you to configure an Identity Provider by clicking the New Identity Provider button.
Create Identity Provider
Once you enter the information for the Identity Provider, click Save to list the IdP in the SAML 2.0 table as shown below.
To establish the trust relationship between zCenter as the Service Provider and the IdP, you will need to provide the Service Provider information to the IdP administrator. Click the “View Service Provider Info” button and collect the needed information, as shown below.
View Service Provider Information
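Before handing Service Provider details to the IdP administrator it is worth checking that they are complete and internally consistent. The script below is an added example, not part of this page or of Zentera's product: it assumes the SP information has been assembled into (or exported as) a standard SAML 2.0 metadata document, and the entityID, URLs and certificate in the embedded sample are constructed placeholders. It extracts the values the IdP side needs (entity ID, Assertion Consumer Service endpoint and binding, NameID format, signing certificate) and flags common weaknesses such as a non-HTTPS ACS URL or unsigned assertions.

```python
"""Inspect a SAML 2.0 Service Provider metadata document before sharing it with
the IdP administrator. Added example, not Zentera code; the metadata below is
constructed and every identifier in it is a placeholder."""
import re
import xml.etree.ElementTree as ET  # use defusedxml instead for metadata from untrusted sources
from typing import Dict, List

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed sample SP metadata (placeholder entityID, URLs and certificate).
SP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://zcenter.example.invalid/saml/metadata">
  <md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>
          MIIB...PLACEHOLDER-BASE64-CERT...
        </ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://zcenter.example.invalid/saml/acs" index="0" isDefault="true"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""


def extract_sp_info(xml_text: str) -> Dict:
    """Pull out the fields an IdP administrator needs to register this SP."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}EntityDescriptor" % NS["md"]:
        raise ValueError("not a SAML metadata EntityDescriptor")
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        raise ValueError("no SPSSODescriptor: this is not Service Provider metadata")

    signing_certs: List[str] = []
    for kd in sp.findall("md:KeyDescriptor", NS):
        if kd.get("use") not in (None, "signing"):  # skip encryption-only keys
            continue
        for cert in kd.findall("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS):
            signing_certs.append(re.sub(r"\s+", "", cert.text or ""))  # drop PEM line breaks

    return {
        "entity_id": root.get("entityID"),
        "acs": [(a.get("Binding"), a.get("Location"))
                for a in sp.findall("md:AssertionConsumerService", NS)],
        "name_id_formats": [n.text for n in sp.findall("md:NameIDFormat", NS)],
        "signing_certs": signing_certs,
        "wants_signed_assertions": sp.get("WantAssertionsSigned") == "true",
    }


def sanity_check(info: Dict) -> List[str]:
    """Return a list of problems; an empty list means the SP info looks sound."""
    problems: List[str] = []
    if not info["entity_id"]:
        problems.append("missing entityID")
    if not info["acs"]:
        problems.append("no AssertionConsumerService endpoint")
    for _binding, location in info["acs"]:
        if not (location or "").startswith("https://"):
            problems.append("ACS endpoint is not https: %s" % location)
    if not info["signing_certs"]:
        problems.append("no signing certificate published; IdP cannot verify signed requests")
    if not info["wants_signed_assertions"]:
        problems.append("WantAssertionsSigned is not true")
    return problems


if __name__ == "__main__":
    details = extract_sp_info(SP_METADATA)
    for key, value in details.items():
        print("%-24s %s" % (key, value))
    print("problems:", sanity_check(details) or "none")
```

The checks are deliberately about what the IdP administrator will rely on: the entity ID must match exactly on both sides, the ACS URL is where the IdP will POST assertions and so must be the HTTPS address the Launcher and Portal users actually reach, and the signing certificate is what lets the IdP verify signed requests from zCenter.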