Docs

Global Security/SSO Page

Suggest Edits

Getting Here

Settings > User Management > Global Security/SSO

User Management - Global Security/SSO Page

The Global Security/SSO Page allows administrators to configure global security settings, password policies, Two-Factor Authentication (2FA), and Single Sign-On (SSO). It also includes options to manage IP-based access restrictions.

Netography Fusion supports single sign-on (SSO) to any SAML 2.0 identity provider.

Prerequisites

The following conditions must be met to successfully configure SSO with Netography:

  • Identity Provider Metadata FileYou must have an existing identity provider service that supports SAML 2.0 and provides an Identity Provider Metadata File. This file is required to be uploaded to Netography as part of the SSO/SAML integration.
  • Netography Administrator accountWhen your original Netography account was created, an initial administrator user was also created. You may have also created additional users in this account. You are required to maintain at least 1 admin level user in the Netography account, which can be used as a fail-safe in case the SSO integration fails. This administrator access is required to configure/edit the SSO settings.  The login for these users will remain the default Netography login page, whereas once SSO is configured, you will receive a custom login URL for your SSO-based users.

Disable Multi-Factor Authentication if enabling SSO.

See: Multi-Factor Authentication (MFA/2FA).

Identity Provider Configuration

There are many identity providers on the market, and nearly all of them differ in how they configure SAML SSO integrations. Some example walkthroughs are available below, but consult your identity provider documentation for the most up-to-date information.

Identity ProviderConfiguration Docs
Auth0Configuring SSO with Auth0
GSuiteConfiguring SSO with GSuite
OktaConfiguring SSO with Okta
PingOneConfiguring SSO with PingOne

Page Sections

1. Resetting Passwords

  • Description: Forces all current users to reset their passwords at their next login.
  • Action:
    • REQUIRE PASSWORD RESET: Clicking this button initiates the password reset requirement for all users.
  • Behavior: Does not log users out of their current sessions.

2. Password Policy

  • Description: Enables administrators to configure custom password restrictions for all users.
  • Options:
    • CUSTOM: Toggle to allow custom password policies.

3. Two-Factor Authentication (2FA)

  • Global 2FA
    • Description: Enforces Two-Factor Authentication for all users.
    • Status: REQUIRED when enabled.
    • Behavior: Once enabled, all users must use 2FA to authenticate.

4. Single Sign-On (SSO)

  • SAML Single Sign-On
    • Description: Enables users to authenticate using the same identity provider (SAML) for internal and external services.
    • Status: ENABLED when SSO is active.
    • Behavior: Simplifies login for users by utilizing a centralized authentication service.

5. Inbound IP Allow List

  • Description: Allows administrators to define a list of trusted IP addresses or CIDR ranges to restrict access to Fusion.
  • Controls:
    • Dropdown: Input IP addresses or CIDRs.
    • Guidance: If left blank, no restrictions are applied.
    • Example:
      • 1.1.1.1
      • 2.2.2.2
      • 3.3.3.3/16
  • Actions:
    • SAVE ALLOWED IPS: Saves the configured IP allow list.
    • IMPORT IPS: Imports IP addresses or CIDRs from a text file or CSV.

Notes

  • Use Global 2FA and SSO to enhance account security across all users.
  • The Password Policy section ensures strong password enforcement for compliance and security.
  • The Inbound IP Allow List helps restrict access to trusted IP addresses only, providing an additional layer of security.

Updated 11 days ago