Security Assertion Markup Language (SAML) based single sign-on (SSO) is a standard for exchanging authentication data between an identity provider and a service provider. With Automox, SAML-based single sign-on enables organizations to provide their users with a single point of authentication to the Automox Console using their corporate credentials.
Automox supports multiple SAML configurations for all organizations that you manage. Multi-org SAML allows you to create a SAML configuration for each organization, providing specific access based on the org and users.
Currently, multi-org SAML only supports a one-to-one relationship with orgs. Each org will need its own configuration and its own SAML app.
The process for configuring Multi-Org SAML is the same as Single-Org SAML. In any organization, follow Single-Org SAML configuration steps to set up a SAML configuration.
Once configured, any user with an account in the org with SAML enabled will be redirected to the IDP for login, unless they specify an organization at login.
IDP-initiated logins behave as expected. When a user clicks on a specific app in your IDP for an org, they are redirected to that org. Once logged in, they can optionally navigate to another org that they are part of if they use the Automox multi-org dropdown.
SP-initiated logins behave in many different ways depending on how you want users to reach their specific orgs:
Generic Login: If users visit console.automox.com and attempt login, Automox will default to the SAML configuration of the lowest org ID that the specific user has access to. If org A for the user has SAML, the SAML configuration for org A will be used. If org A has password login, and org B has SAML enabled, org B’s SAML configuration will be used.
Define an Org ID: Users can log in directly to a specific org if they specify an org ID in the URL at login. If a user specifies org A in their login URL, they will use org A’s SAML configuration to log in.
Specifying an org ID in the login URL is easy. The org ID for any given account can be found when logged into the console. The URL shows a parameter for “?o=XXXX,” where XXXX is the org ID. Copy and paste the same “?o=XXXX” parameter into the login URL (https://console.automox.com/login) to force login to that specific org.
Automox recommends bookmarking specific login URLs so that users can navigate directly to specific accounts.
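The SP-initiated rules above, modeled in Python as an added example (this is not Automox code). The org IDs, the memberships mapping, and the console path in the sample URL are constructed; falling back to password login when the requested org has no SAML is an assumption the page does not state.

```python
from urllib.parse import urlsplit, parse_qs, urlencode

LOGIN_URL = "https://console.automox.com/login"  # login URL given on the page

def org_id_from_console_url(url):
    """Extract the org ID from the ?o=XXXX parameter of a console URL."""
    values = parse_qs(urlsplit(url).query).get("o", [])
    if len(values) != 1 or not (values[0].isascii() and values[0].isdigit()):
        raise ValueError("expected exactly one numeric 'o' parameter")
    return int(values[0])

def login_bookmark(org_id):
    """Build the login URL that pins SP-initiated login to one org."""
    return f"{LOGIN_URL}?{urlencode({'o': int(org_id)})}"

def resolve_login(memberships, requested_org=None):
    """Predict which org's login method an SP-initiated login will use.

    memberships: {org_id: "saml" | "password"} for one user (hypothetical shape).
    Returns (org_id, method); org_id is None when no SAML org applies.
    """
    if requested_org is not None:
        if requested_org not in memberships:
            raise PermissionError(f"user has no account in org {requested_org}")
        # Assumption: a requested org without SAML uses password login.
        return requested_org, memberships[requested_org]
    saml_orgs = sorted(o for o, m in memberships.items() if m == "saml")
    if saml_orgs:
        return saml_orgs[0], "saml"  # lowest org ID that has SAML enabled
    return None, "password"

if __name__ == "__main__":
    # Constructed sample: org 1001 uses passwords, 1002 and 1003 use SAML.
    user = {1001: "password", 1002: "saml", 1003: "saml"}
    print("generic login ->", resolve_login(user))
    # Constructed console URL; only the ?o= parameter comes from the page.
    org = org_id_from_console_url("https://console.automox.com/dashboard?o=1003")
    print("pinned login  ->", resolve_login(user, org), login_bookmark(org))
```

In the sample, a generic login lands on org 1002's SAML configuration, so the user needs access to that org's app in the IDP even if they mainly work in org 1003.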
Inviting and Provisioning Users
With Multi-Org SAML enabled, users can be invited to other orgs through the regular user invite workflow. If SAML is enabled in the org that you are inviting them to, they will need appropriate access to the SAML app in your IDP.
Provisioning users from the IDP is only supported on IDP-initiated login. To provision a user to a specific org, enable provisioning when setting up the SAML configuration and give the user access to the appropriate app in your IDP. When they attempt login, an account will be created for them in the appropriate org.