Configure Digi Remote Manager to use SAML Single Sign-On

SAML (Security Assertion Markup Language) is an authentication standard that allows for Digi Remote Manager users to be authenticated by an Identity Provider (for example, Okta). Digi Remote Manager can be configured to provide user identification through a SAML Identity Provider, rather than local user authentication.

Local Digi Remote Manager users

SAML Single Sign-On is configured at the account level, while local authentication is enabled or disabled for each individual user. See Enable Single Sign-On for a user for information about how to enable SAML Single Sign-On for a user.

To access Digi Remote Manager, users that are configured on your Identity Provider must have a corresponding local Remote Manager user. The username passed from the Identity provider must match the local Remote Manager username. See Add a user for information about creating local Remote Manager users.

Note If your Identity Provider uses case sensitivity when authenticating usernames, you must make sure that the user's local Remote Manager username, and the username as configured on the Identity Provider, have identical case.

 

To configure Digi Remote Manager to use SAML Single Sign-On:

  1. Click Account to expand the Account menu.
    • If there are no sub-accounts configured for the account, click Account Details.

    • If there are sub accounts configured, click Accounts and click the appropriate account.

  2. Click SAML SSO.

    3. At the bottom of the SAML Single Sign-On page are several URLs that may be necessary when configuring your Identity Provider to integrate with Digi Remote Manager.

    For example, when configuring an SAML Integration on an Okta tenant for Digi Remote Manager, you will need the following Digi Remote Manager URLs:

    • Digi Remote Manager Single Sign-On URL

    • Digi Remote Manager Audience Restriction (in Okta, this is the Audience URI)

  3. For Single Sign-On URL, type or paste the Single Sign-On URL provided by the Identity Provider.

    For example, with Okta, this is the Identity Provider Single Sign-ON URL. Other providers might refer to this as the Assertion Consumer Service (ACS) URL.

  4. For Entity ID, type or paste the Identity Provider’s Entity ID.

    For example, with Okta, this is the Identity Provider Issuer.

  5. For Certificate, paste the X.509 certificate provided by your Identity Provider.
  6. Click Apply.