HCI single sign-on

The HCI single sign-on (SSO) functionality uses the authentication credentials from your computer to provide a seamless login experience across all of your HCI apps for all of your Active Directory (AD) users.

After setting up SSO for HCI, you will be able to log in through the browser without having to provide any additional credentials. If a user is logged out, simply refreshing the browser will log them back in automatically.

SSO can be set up for use with Microsoft Internet Explorer, Google Chrome, and Mozilla Firefox.

Setting up single sign-on with Microsoft Internet Explorer and Google Chrome

SSO can only be configured with an Active Directory (LDAP) identity provider type.

WARNING: The service account you use when providing your AD credentials needs to be created specifically for this HCI cluster. If the account is currently in use by another cluster, the previous cluster's HTTP Negotiate functionality will cease to function.

To configure Microsoft Internet Explorer or Google Chrome for HCI SSO access, complete the following steps for each AD user:

Procedure

  1. Open Internet Properties.

    1. For Windows 10 users:
      1. Click the Windows button to open the Start menu.
      2. Right-click the Start menu.
      3. Click Control Panel.
      4. In the Control Panel window, click Network and Internet.
      5. Click Internet Options.
    2. For Windows 7 users:
      1. Click the Windows button to open the Start menu.
      2. Click Control Panel.
      3. In the Control Panel window, click Network and Internet.
      4. Click Internet Options.
  2. Click the Security tab.

  3. Select Trusted sites.

  4. Click Sites.

  5. In the Add this website to the zone field, type: https://<HCI-system-name>.<your domain name>

  6. Click Add.

  7. Click Close.

  8. With Trusted sites selected, in the Security level for this zone field, click Custom level....

  9. Under User Authentication > Logon, select Automatic logon with current user name and password.

  10. Click Apply.

  11. In the Internet Options window, click the Advanced tab.

  12. In the Settings list, under Security, select Enable Integrated Windows Authentication.

  13. Click OK.

  14. Close Internet Properties.

  15. Under the Configuration > Security > Identity Providers tab in the Admin App, click CREATE to create a new identity provider.

  16. In the Type field, select Active Directory (LDAP).

  17. Click Enable HTTP Negotiate and enter the details of your AD credentials.

    Important: If HTTP Negotiate is enabled, Transport Layer Security (TLS) cannot be set to None.
  18. When you are finished setting up your identity provider, click CREATE.

  19. To access HCI with your SSO, enter the following into your browser: https://<HCI-system-name>.<your domain name>:8000

Setting up single sign-on with Mozilla Firefox

SSO can only be configured with an Active Directory (LDAP) identity provider type.

WARNING: The service account you use when providing your AD credentials needs to be created specifically for this HCI cluster. If the account is currently in use by another cluster, the previous cluster's HTTP Negotiate functionality will cease to function.

To configure Mozilla Firefox for SSO access, repeat the following steps for every Active Directory user:

Procedure

  1. Open Firefox and edit its network settings.

    1. In the browser's address field, enter the following command: about:config
    2. Accept the warning message that appears to continue.
    3. In the Preference Name list, double-click network.negotiate-auth.delegation-uris to edit its values.
    4. In the Enter string value window, type: https://<HCI-system-name>.<your domain name>
    5. Click OK.
    6. In the Preference Name list, double-click network.negotiate-auth.trusted-uris to edit its values.
    7. In the Enter string value window, type: https://<HCI-system-name>.<your domain name>
    8. Click OK.
  2. Close Firefox.

  3. Under the Configuration > Security > Identity Providers tab in the Admin App, click CREATE to create a new identity provider.

  4. In the Type field, select Active Directory (LDAP).

  5. Click Enable HTTP Negotiate and enter the details of your AD credentials.

    Important: If HTTP Negotiate is enabled, Transport Layer Security (TLS) cannot be set to None.
  6. When you are finished setting up your identity provider, click CREATE.

  7. To access HCI with your SSO, enter the following into your browser: https://<HCI-system-name>.<your domain name>:8000
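
An added example, not part of the original documentation: a Python check that reads the text of a Firefox profile's prefs.js and reports any entry in the two Negotiate preferences that differs from the single HTTPS URL the procedure above specifies. The host name hci.example.com and the sample prefs.js content are constructed placeholders.

```python
import re

# The two preferences edited in the Firefox procedure above.
NEGOTIATE_PREFS = (
    "network.negotiate-auth.delegation-uris",
    "network.negotiate-auth.trusted-uris",
)

# prefs.js stores each string setting as: user_pref("name", "value");
PREF_LINE = re.compile(r'^\s*user_pref\("([^"]+)",\s*"([^"]*)"\);\s*$')


def read_prefs(prefs_text):
    """Return {pref name: value} for the string prefs found in prefs.js text."""
    prefs = {}
    for line in prefs_text.splitlines():
        m = PREF_LINE.match(line)
        if m:
            prefs[m.group(1)] = m.group(2)
    return prefs


def audit_negotiate_prefs(prefs_text, expected_url):
    """List deviations from the documented value for both Negotiate prefs."""
    prefs = read_prefs(prefs_text)
    findings = []
    for name in NEGOTIATE_PREFS:
        # Firefox accepts a comma-separated list in these preferences.
        entries = [e.strip() for e in prefs.get(name, "").split(",") if e.strip()]
        if expected_url not in entries:
            findings.append((name, "missing", expected_url))
        for entry in entries:
            if entry == expected_url:
                continue
            kind = "unexpected" if entry.startswith("https://") else "not-https"
            findings.append((name, kind, entry))
    return findings


# Constructed sample profile; hci.example.com is a placeholder host name.
SAMPLE_PREFS = '''
user_pref("browser.startup.page", 3);
user_pref("network.negotiate-auth.delegation-uris", "https://hci.example.com");
user_pref("network.negotiate-auth.trusted-uris", "https://hci.example.com, example.com, https://other.example.net");
'''

if __name__ == "__main__":
    for finding in audit_negotiate_prefs(SAMPLE_PREFS, "https://hci.example.com"):
        print(*finding)
```

An empty result means both preferences hold exactly the documented URL; any finding is an entry to review before rolling the profile out to users.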
