View federated pairs
You can view the list of configured federated pairs in the Access administration portal in Profile > Federated Pairs.
•Information and metadata for a SP and IdP pair
•Assigning a policy to a federated pair
Information and metadata for a SP and IdP pair
For information and metadata for a federated pair, expand the row for the federated pair or click on the icons under Actions.
Figure 1. Federated pairs details
Item |
Description |
Name |
Name you entered for the federated pair. |
Policy |
Name of the conditional policy applied to the federated pair. For an Office 365 federated pair, the Passive Policy name is displayed. |
Certificate SSO |
Indicates whether certificate-based single sign-on is configured for the pair. |
Access SP Metadata (Upload to IdP) |
Access generates proxy metadata by combining the service provider metadata and the signing certificate. You upload the Access (SP) metadata to the IdP. •Click Download to download the Access proxy metadata for the SP. •Click View to view the Access proxy metadata for the SP. •Click Copy URL to copy the proxy metadata and upload to IdP. |
Access IDP Metadata (Upload to SP) |
Access generates proxy metadata by combining the IdP metadata and the signing certificate. You upload the Access (IdP) proxy metadata to the cloud service provider. •Click the Download to download the Access proxy metadata for the IdP. •Click the View to view the Access proxy metadata for the IdP. •Click Copy URL to copy the proxy metadata and upload to SP. |
Actions |
|
Assign policy icon |
Click to assign a conditional policy. For an Office 365 federated pair, you can choose a passive policy or an active logon policy. |
Edit icon |
Click to edit the settings for the federated pair. |
Vertical three dots |
Click for additional actions available for the federated pair: •Delete: Click to delete the federated pair •View SP Metadata: Click to view the metadata you uploaded for the cloud service provider (SP) . •View IDP Metadata: Click to view the metadata you uploaded for the identity provider (IdP). •Download PowerShell Commands for ADFS: Click to download the PowerShell script to run the commands. •Download PowerShell Commands for Office 365: Click to download the PowerShell script to run the commands. |
Assigning a policy to a federated pair
If a policy is not applied to a federated pair, the default policy is applied.
During the initial setup, Ivanti recommends that you do not make changes to the default policy.
Procedure
1. | In the Access administration portal, go to Profile > Federated Pairs. |
2. | For the federated pair, click ![]() |
3. | In the Assign Policy dialog, from the Policy drop down list select a policy. |
4. | Click Assign. |
5. | Click Publish. |
If you do not Publish the changes, the updates are not applied.
Editing a federated pair
If you make changes to a federated pair, change the metadata file, or the signing certificate, you must upload an updated proxy metadata file to the service provider and the IdP.
Procedure
1. | In the Access administration portal, go to Profile > Federated Pairs. |
2. | For the federated pair, click Actions > Edit. |
3. | After editing, click Publish. |
If you do not Publish the changes, the updates are not applied.
Deleting a federated pair
The following provides the steps for deleting a federated pair.
Procedure
1. | In the Access administration portal, go to Profile > Federated Pairs. |
2. | For the federated pair, click Actions > Delete. |
3. | In the pop-up box, click Delete. |
4. | After deleting, click Publish. |
If you do not Publish the changes, the updates are not applied.
Delete, removes the Federated pair from Access. However, to also remove Access from the federated login path to the service provider, you must establish or restore the direct federation between your service provider and identity provider.