MySonicWall External IDP Integration

Description

This document outlines the settings needed to integrate your MySonicWall account with an external Identity Provider (IDP).

There are currently two supported integrations as listed below:

  1. Microsoft Azure Active Directory
  2. OKTA

This integration connects your MySonicWall account to one of the above external IDPs, so your users can sign in with the same credentials/MFA that are configured in these platforms.

To set up this integration:

  • Only one Admin is required to configure these settings in MySonicWall.
  • Once the account is set up to use the external IDP, the Admin can turn on the integration for all Employees of an organization.

 

To configure an external identity provider for MySonicWall:

  1. Log in to your MySonicWall account.
  2. Navigate to Settings | My Account | My personal profile.
  3. Enable Use External Identity Provider under ADDITIONAL OPTIONS group.
     CAUTION: Do not enable for all employees of the organization at this point.
  4. Select the Identity Provider Organization and follow the respective instructions in the document below. 
    a) Okta Configuration
    b) Azure Active Directory Configuration

  5. Once the setup is complete, leave the current browser as-is and test the configuration in another browser.
     TIP: If the username or password is saved on the screen, delete the information, or clear your browser. Manually type the username and hit next to activate the identity provider settings. 
     NOTE: The user should be able to log in successfully using their identity provider at this step.

  6. Once it is confirmed that the setup is successful, the user can go back to the External Identity Provider option on MySonicWall and enable the external identity provider for all employees of the organization.

 

Resolution

Microsoft Azure Setup

  1. From the Azure Admin Console, create a new Enterprise Application (Non-Gallery Application).
    Azure settings:

    Basic SAML Configuration:
    Identifier (Entity ID): https://www.mysonicwall.com
    Reply URL (Assertion Consumer Service URL): https://api.mysonicwall.com/api/extauth
    Sign on URL: Optional
    Relay State (Optional): Optional
    Logout Url (Optional): https://www.mysonicwall.com/muir/ui/logout

  2. Assign Users/Groups to your newly created application.
  3. Copy the App Federation Metadata URL from the Azure app setup. You will use this in the following steps.

MySonicWall Settings

  1. In MySonicWall, while logged in as the user you want to enable the external IDP on, click on the username icon in the top left corner, then click on your name. Click on the ‘Use External Identity Provider’ option.
  2. Check ‘I have access to AZURE Metadata URL’. Paste the URL copied from the Azure setup. Click on save.

    You will now be able to log in using the IDP credentials/MFA.
     NOTE: You may need to clear your browser and retype the username into the MySonicWall login page the first time you log in.

OKTA Setup

  1. From within the OKTA Admin Console, create a new app integration (SAML 2.0)
    OKTA settings:
    SAML General Settings
    Single Sign On URL: https://api.mysonicwall.com/api/extauth
    Recipient URL: https://api.mysonicwall.com/api/extauth
    Destination URL: https://api.mysonicwall.com/api/extauth
    Audience Restriction: https://www.mysonicwall.com

  2. Assign Users/Groups to your newly created application. This can be done under the Assignments tab.
  3. Get the settings from OKTA to be used in the MySonicWall configuration. Click on View SAML setup instructions as shown below.
  4. Copy the Identity Provider Single Sign-On URL and the X.509 Certificate. These settings will be used in the next steps. 
      a. When you copy the certificate – make sure you only enter the certificate value and not the or text.
  5. In MySonicWall, while logged in as the user you want to enable the external IDP on, click on the username icon in the top left corner, then click on your name. Click on the ‘Use External Identity Provider’ option.

  6. Paste the SSO URL (the Identity Provider Single Sign-On URL) and the X.509 certificate in the fields as shown below. Click connect and save. You should now be able to log in using the credentials/MFA set on the IDP provider.
      a. When entering the certificate – make sure you only enter the certificate value and not the or text.

 NOTE: You may need to clear your browser and retype the username into the MySonicWall login page the first time you log in.
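
An added example, not SonicWall's code, for the test in step 5: if the test login fails, this compares a captured SAMLResponse value (the base64 form field the IDP posts to the Reply URL) with the Destination, Recipient and Audience values listed above for Azure and Okta. The function names and the sample response are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

# Values taken from the Azure and Okta settings listed on this page.
ACS_URL = "https://api.mysonicwall.com/api/extauth"
AUDIENCE = "https://www.mysonicwall.com"
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}

def check_saml_response(b64_response):
    """List mismatches with the settings above (diagnostic; no signature check)."""
    raw = base64.b64decode(b64_response)
    if b"<!DOCTYPE" in raw or b"<!ENTITY" in raw:
        return ["DTD present: refusing to parse"]  # avoids entity-expansion input
    root = ET.fromstring(raw)
    problems = []
    status = root.find("p:Status/p:StatusCode", NS)
    if status is None or status.get("Value") != SUCCESS:
        problems.append("status is not Success")
    if root.get("Destination") != ACS_URL:
        problems.append(f"Destination={root.get('Destination')!r}")
    recipients = [e.get("Recipient")
                  for e in root.iterfind(".//a:SubjectConfirmationData", NS)]
    if not recipients or any(r != ACS_URL for r in recipients):
        problems.append(f"Recipient={recipients!r}")
    audiences = [(e.text or "").strip() for e in root.iterfind(".//a:Audience", NS)]
    if AUDIENCE not in audiences:
        problems.append(f"Audience={audiences!r}")
    return problems

def sample_response(dest=ACS_URL, recipient=ACS_URL, audience=AUDIENCE):
    """Constructed, unsigned response for the demo; not a real IDP's output."""
    xml = f"""<samlp:Response xmlns:samlp="{NS['p']}" xmlns:saml="{NS['a']}"
 ID="_r1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z" Destination="{dest}">
 <samlp:Status><samlp:StatusCode Value="{SUCCESS}"/></samlp:Status>
 <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
  <saml:Issuer>https://idp.example.test/</saml:Issuer>
  <saml:Subject><saml:SubjectConfirmation>
   <saml:SubjectConfirmationData Recipient="{recipient}"/>
  </saml:SubjectConfirmation></saml:Subject>
  <saml:Conditions><saml:AudienceRestriction>
   <saml:Audience>{audience}</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions></saml:Assertion></samlp:Response>"""
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    print(check_saml_response(sample_response()))
    print(check_saml_response(sample_response(audience="https://mysonicwall.com/")))
```

An empty list means the three values match; a trailing slash or a swapped Identifier/Reply URL shows up as a named mismatch.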

 

 NOTE: The steps you can follow to obtain the IDP password within your MySonicWall account:

  1. Log in to your MySonicWall account and navigate to Settings | My Account | My personal profile.
  2. You can view the password by clicking on the info icon next to the External Identity Provider under ADDITIONAL OPTIONS group.
  3. You will now be able to obtain the password as highlighted below, click the view icon to view the password.

    You can now obtain the password and enter it on the device interface to complete the device registration on the GUI.

 NOTE: You can change the password by clicking on the Refresh button.

https://www.sonicwall.com/support/knowledge-base/idp-password-to-register-devices-and-services/240306135211603/
