Global Security/SSO Page

Getting Here

Settings > User Management > Global Security/SSO

User Management - Global Security/SSO Page

The Global Security/SSO Page allows administrators to configure global security settings, password policies, Two-Factor Authentication (2FA), and Single Sign-On (SSO). It also includes options to manage IP-based access restrictions.

Identity Provider Configuration

Netography Fusion supports single sign-on (SSO) to any SAML 2.0 identity provider.

There are many identity providers on the market, and nearly all of them differ in how they configure SAML SSO integrations. Some example walkthroughs are available below, but consult your identity provider documentation for the most up-to-date information.

Prerequisites

The following conditions must be met to successfully configure SSO with Netography:

  • Identity Provider Metadata FileYou must have an existing identity provider service that supports SAML 2.0 and provides an Identity Provider Metadata File. This file is required to be uploaded to Netography as part of the SSO/SAML integration.
  • Netography Administrator accountWhen your original Netography account was created, an initial administrator user was also created. You may have also created additional users in this account. You are required to maintain at least 1 admin level user in the Netography account, which can be used as a fail-safe in case the SSO integration fails. This administrator access is required to configure/edit the SSO settings.  The login for these users will remain the default Netography login page, whereas once SSO is configured, you will receive a custom login URL for your SSO-based users.

Disable Multi-Factor Authentication if enabling SSO.

See: Multi-Factor Authentication (MFA/2FA).


Page Sections

Resetting Passwords

  • Description: Forces all current users to reset their passwords at their next login.
  • Action:
    • REQUIRE PASSWORD RESET: Clicking this button initiates the password reset requirement for all users.
  • Behavior: Does not log users out of their current sessions.

Password Policy

  • Description: Enables administrators to configure custom password restrictions for all users.
  • Options:
    • CUSTOM: Toggle to allow custom password policies.

Two-Factor Authentication (2FA)

  • Global 2FA
    • Description: Enforces Two-Factor Authentication for all users.
    • Status: REQUIRED when enabled.
    • Behavior: Once enabled, all users must use 2FA to authenticate.

Single Sign-On (SSO)

  • SAML Single Sign-On
    • Description: Enables users to authenticate using the same identity provider (SAML) for internal and external services.
    • Status: ENABLED when SSO is active.
    • Behavior: Simplifies login for users by utilizing a centralized authentication service.

Inbound IP Allow List

  • Description: Allows administrators to define a list of trusted IP addresses or CIDR ranges to restrict access to Fusion. This list applies to both access to the Fusion Portal AND access to the Fusion API.
  • Controls:
    • Dropdown: Input IP addresses or CIDRs.
    • Guidance: If left blank, no restrictions are applied.
    • Example:
      • 1.1.1.1
      • 2.2.2.2
      • 3.3.3.3/16
  • Actions:
    • SAVE ALLOWED IPS: Saves the configured IP allow list.
    • IMPORT IPS: Imports IP addresses or CIDRs from a text file or CSV.

User Inactivity Timeout

  • Description: Allows administrators to define how long a logged-in user can be idle before they are automatically logged out of the Fusion Portal.
  • Controls:
    • User Inactivity: Disabled, 10 minutes, 20 minutes, 30 minutes, 40 minutes, 50 minutes, 60 minutes.
    • Show Prompt to User: Show a prompt to the user one minute before they are logged out to give them an opportunity to remain logged in. This button is not displayed if the User Inactivity is set to Disabled.
    • Guidance: Disabled by default.