Enable SSO

About Host Names

Using the Host Names feature, you can:

When you use a URL to access APM, you can access the data sources that are mapped to the host name. For example, if two data sources (data_source1 and data_source2) are associated with an APM server, you can create two different URLs (https://data_source1/meridium/index.html and https://data_source2/meridium/index.html) using the host names that are mapped to the data sources. If you log in to APM with https://data_source1/meridium/index.html or https://data_source2/meridium/index.html, you can access data_source1 or data_source2, respectively.

In the Host Names page, you can add multiple host names. However, only the host name of the URL with which you have logged in to APM is listed.

Enable SSO On Site Authentication Using Active Directory

Procedure

  1. Run the LDAP Synchronization Process Manually or Schedule an LDAP Synchronization Process.
  2. Log out of APM.
  3. Log in to APM with the Windows user name and password.
    You are logged in.

Results

  • SSO On-Site Authentication is enabled.

What To Do Next

Enable SSO Off-Site Authentication Using APM Server Setup

About This Task

Note: The settings shown below may vary depending on your system.

Procedure

  1. In the Applications menu, navigate to ADMIN > Operations Manager > SSO Configuration.
    The SSO Configuration page appears.
  2. In the IDP URL box, enter the PartnerIdentityProviderConfigurations Name value configured in the C:\Program Files\Meridium\ApplicationServer\api\saml.json file.
  3. Select the SSO Enabled check box.
  4. Select .
    The SSO configuration is saved.
  5. Log out of APM.
  6. On the APM Server, in the APM program files, navigate to the folder ..\ApplicationServer\api.
    Note:
    • If you installed the software in the default location, the folder location will be C:\Program Files\Meridium\ApplicationServer\api.
    • The settings in the saml.json file must match the environment to which you are connecting. For example, the URL listed in SingleSignOnServiceUrl should point to the URL where you want to authorize the users.
  7. Modify the assertion and response signing settings to match the signing settings that are specified on the IDP, and then save and close the file.
  8. Reset IIS.
  9. Access APM via a web browser.
    SSO off-site authentication is enabled.

What To Do Next

Configure APM Server.

Enable OAuth for APM using SSO Off-Site

About This Task

For specific workflows, you can authenticate with APM using a JSON Web Token (JWT) provided by an IDP using the OAuth protocol. To enable this authentication, you must provide the following configuration.
Note: This form of authentication can be used by external applications that require access to APM APIs, such as mobile applications.

Procedure

  1. On the APM server, navigate to C:\ProgramData\Meridium.
  2. Open the appsettings.Global.json file using a text editor.
  3. Add the following values:
    • msEntraID0AuthURL: URL represents the location for the public signing key for JWT tokens issued by your IDP. For Microsoft Entra, this URL is https://login.microsoftonline.com/<tenantId>.
    • msEntraIDAppID: Application ID represents the application you have configured within your IDP.
  4. Reset IIS.
  5. Access APM APIs, providing the JWT token in the header of an HTTP request as a Bearer token.

Results

OAuth authentication for APM using SSO Off-Site is enabled.
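
The following is an added example, not APM or GE code: a client-side check that an external application can run on a token before sending it as a Bearer token, to see whether its claims line up with the two values configured in step 3. It assumes that a Microsoft Entra token names its tenant in the `tid` claim and its target application in `aud`; the function names, tenant ID and application ID are constructed for illustration, and the signature is deliberately left for the server to verify.

```python
import base64
import json
import time

# Constructed placeholders for the two appsettings.Global.json values above.
AUTH_URL = "https://login.microsoftonline.com/11111111-2222-3333-4444-555555555555"
APP_ID = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"


def encode_segment(obj):
    """Encode a dict as a base64url JWT segment (builds sample tokens)."""
    raw = base64.urlsafe_b64encode(json.dumps(obj).encode())
    return raw.rstrip(b"=").decode()


def decode_segment(segment):
    """Decode a base64url JWT segment into a dict, restoring padding."""
    padded = segment + "=" * (-len(segment) % 4)
    obj = json.loads(base64.urlsafe_b64decode(padded))
    if not isinstance(obj, dict):
        raise ValueError("segment is not a JSON object")
    return obj


def preflight(token, auth_url=AUTH_URL, app_id=APP_ID, now=None):
    """List problems in an unverified JWT. The signature is NOT checked."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return ["not a three-part compact JWT"]
    try:
        header, claims = decode_segment(parts[0]), decode_segment(parts[1])
    except ValueError:
        return ["header or payload is not a base64url JSON object"]
    problems = []
    if str(header.get("alg", "none")).lower() == "none" or not parts[2]:
        problems.append("token is unsigned")
    # Assumption: the issuing tenant appears in the 'tid' claim.
    if claims.get("tid") != auth_url.rstrip("/").rsplit("/", 1)[-1]:
        problems.append("tenant does not match the configured URL")
    # Assumption: the audience is the app ID, bare or as an api:// URI.
    aud = claims.get("aud")
    audiences = {str(a) for a in (aud if isinstance(aud, list) else [aud])}
    if not audiences & {app_id, "api://" + app_id}:
        problems.append("audience does not match the application ID")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        problems.append("token is expired or has no exp claim")
    return problems
```

An empty list means only that the claims are consistent with the configuration; it says nothing about whether the token's signature is valid.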