Create an SSO Domain

Follow the steps below to create an SSO domain in the LoadMaster:

1. In the LoadMaster WUI, navigate to Virtual Services > Manage SSO.

   

2. Enter the name of the SSO configuration in the Add new Client Side Configuration field and click Add.

   

3. Select the relevant Authentication Protocol.
4. Select the relevant LDAP Endpoint, if using two factor authentication.
5. Enter the address(es) of the RADIUS Server(s) to be used to authenticate this domain and click Set RADIUS Server(s).
   Note: IPv6 is not supported for RADIUS authentication.
   Note: Multiple addresses can be entered using a space-separated list.
6. Enter the RADIUS Shared Secret that is to be used between the RADIUS server and the LoadMaster and click Set Shared Secret.
   Note: The Shared Secret is a text string that serves as a password between the LoadMaster and the RADIUS server.
7. Decide whether or not to enable the Send NAS Identifier check box.
   Note: If this check box is disabled (default), a Network Access Server (NAS) identifier is not sent to the RADIUS server. If it is enabled, a NAS identifier string is sent to the RADIUS server. By default, this is the hostname. Alternatively, if a value is specified in the RADIUS NAS Identifier text box, this value is used as the NAS identifier. If the NAS identifier cannot be added, the RADIUS access request is still processed.
8. If you enabled the Send NAS Identifier check box, decide whether or not to specify the RADIUS NAS Identifier.
   Note: If the Send NAS Identifier check box is selected, the RADIUS NAS Identifier field is shown. When specified, this value is used as the NAS identifier. Otherwise, the hostname is used as the NAS identifier. If the NAS identifier cannot be added, the RADIUS access request is still processed.
9. Enter the Domain/Realm and click Set Domain/Realm Name.
   Note: This is also used with the logon format to construct the normalized username, for example: - Principalname: <Username>@<Domain> - Username: <Domain>\<Username>
10. Select the relevant logon string format in the Logon Format (Phase 1) drop-down list.
11. Select the relevant logon string format in the Logon Format (Phase 2) drop-down list.
12. Fill out the remaining fields as needed.