What changes from the BigFix user's perspective
From the BigFix user interfaces operator's perspective, this enhancement affects only authentication.
After enabling SAML authentication for LDAP users:
- LDAP or Microsoft Entra ID operators:
- Must authenticate to the Web UI and to the Web Reports from the SAML identity provider only by
accessing the following URLs:
https://<WebUI_server>
(for the Web UI server, assuming that it uses port 443)https://<Web_Reports_server>:8083
(for each Web Reports server, assuming that port 8083 is used)Note: The buttons and links to log out from the Web UI and the Web Reports redirect these users to a page where they can click a Re-authenticate button to get back to Web UI and Web Reports pages without having to log back on, unless the IdP login timeout has expired; in this case they are brought back to the IdP login page. - Must enable the Use SAML authentication check box in the Console login panel, if the
BigFix server was configured to
integrate with SAML V2.0.
The selection is automatically validated and retained by BigFix for future login requests.
- Must authenticate to the Web UI and to the Web Reports from the SAML identity provider only by
accessing the following URLs:
- Local operators:
- Log in to the Web UI or to the Web Reports by accessing the usual login
URLs:
https://<WebUI_server>/login
(assuming that the Web UI is set on port 443)https://<Web_Reports_server>:8083/login
(for each Web Reports server, assuming that Web Reports is set on port 8083) - Log in to the BigFix Console from
the usual login panel ensuring that the Use SAML authentication check box is not
selected.Note: If SAML is not enabled in the environment, the Use SAML authentication check box is greyed out.
- Log in to the Web UI or to the Web Reports by accessing the usual login
URLs:
After SAML is configured and enabled only local operators will be able to log in using API; the 4-eyes authentication approvers must be local accounts.