HCI single sign-on
The HCI single sign-on (SSO) functionality utilizes the authentication credentials from your computer in providing a seamless login experience across all of your HCI apps for all of your active directory (AD) users.
After setting up SSO for HCI, you will be able to log in through the browser without having to provide any additional credentials. If a user is logged out, simply refreshing the browser will log them back in automatically.
SSO can be set up for use with Microsoft Internet Explorer, Google Chrome, and Mozilla Firefox.
Setting up single sign-on with Microsoft Internet Explorer and Google Chrome
Procedure
Open Internet Properties.
- For Windows 10 users:
- Click the Windows button to open the Start menu.
- Right-click the Start menu.
- Click Control Panel.
- In the Control Panel window, click Network and Internet.
- Click Internet Options.
- For Windows 7 users:
- Click the Windows button to open the Start menu.
- Click Control Panel.
- In the Control Panel window, click Network and Internet.
- Click Internet Options.
- For Windows 10 users:
Click the Security tab.
Select Trusted sites.
Click Sites.
In the Add this website to the zone field, type: https://<HCI-system-name>.<your domain name>
Click Add.
Click Close.
With Trusted sites selected, in the Security level for this zone field, click Custom level....
Under User Authentication > Logon, select Automatic logon with current user name and password.
Click Apply.
In the Internet Options window, click the Advanced tab.
In the Settings list, under Security, select Enable Integrated Windows Authentication.
Click OK.
Close Internet Properties.
Under the Configuration > Security > Identity Providers tab in the Admin App, click CREATE to create a new identity provider.
In the Type field, select Active Directory (LDAP).
Click Enable HTTP Negotiate and enter the details of your AD credentials.
ImportantIf HTTP Negotiate is enabled, Transport Layer Security (TLS) cannot be set to None.When you are finished setting up your identity provider, click CREATE.
To access HCI with your SSO, enter the following into your browser: https://<HCI-system-name>.<your domain name>:8000
Setting up single sign-on with Mozilla Firefox
To configure Mozille Firefox for SSO access, repeat the following steps for every active directory user:
Procedure
Open Firefox and edit its network settings.
- In the browser's address field, enter the following command: about:config
- Accept the warning message that appears to continue.
- In the Preference Name list, double-click network.negotiate-auth.delegation-uris to edit its values.
- In the Enter string value window, type: https://<HCI-system-name>.<your domain name>
- Click OK.
- In the Preference Name list, double-click network.negotiate-auth.trusted-uris to edit its values.
- In the Enter string value window, type: https://<HCI-system-name>.<your domain name>
- Click OK.
Close Firefox.
Under the Configuration > Security > Identity Providers tab in the Admin App, click CREATE to create a new identity provider.
In the Type field, select Active Directory (LDAP).
Click Enable HTTP Negotiate and enter the details of your AD credentials.
ImportantIf HTTP Negotiate is enabled, Transport Layer Security (TLS) cannot be set to None.When you are finished setting up your identity provider, click CREATE.
To access HCI with your SSO, enter the following into your browser: https://<HCI-system-name>.<your domain name>:8000