Set Up Single Sign-On Authentication

Note: In 11.4 or later, Single Sign-On (SSO) authentication can be used to access the UI; however, only one Active Directory is supported. SSO authentication is not supported on an Analyst UI Deployment.

Single Sign-On authentication enables the user to log in to NetWitness or any other application if the user is authenticated by the same Identity Provider (IDP). Active Directory Federation Services (ADFS) is the only supported IDP, and the protocol used for SSO is SAML 2.0.

NetWitness Single Sign-On Authentication Workflow

The following workflow shows how the user can access NetWitness using Single Sign-On authentication.
[Figure: NetWitness SSO authentication workflow (netwitness_ssoworkflow.png)]

The workflow of SSO authentication shows the following:

  1. The user tries to access the NetWitness UI using the web browser. For example, https://nw-host/login.
  2. The user is prompted to log in on the IDP (ADFS) login page.
  3. The user enters the credentials for authentication.
  4. If the authentication is successful, NetWitness authorizes the user based on the user groups configured on the Active Directory Server and External Role Mapping in NetWitness.
  5. If the authorization is successful, the user is logged in to NetWitness.

Note: If the single sign-on authentication fails, the user cannot access NetWitness. For more information, see Troubleshooting.
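An added example, not NetWitness or ADFS code: when the authentication step fails, a SAML 2.0 response captured from the browser can be triaged offline for the common rejection causes (status, issuer, audience, validity window). The issuer URL, audience value and user name are constructed placeholders, and the script does not verify the XML signature, so it is a diagnostic aid only.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"

# Constructed sample response; issuer, audience and user are placeholders.
SAMPLE = """<p:Response xmlns:p="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:a="urn:oasis:names:tc:SAML:2.0:assertion">
  <a:Issuer>http://adfs.example.test/adfs/services/trust</a:Issuer>
  <p:Status><p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></p:Status>
  <a:Assertion>
    <a:Subject><a:NameID>analyst1@example.test</a:NameID></a:Subject>
    <a:Conditions NotBefore="2024-01-01T10:00:00Z" NotOnOrAfter="2024-01-01T11:00:00Z">
      <a:AudienceRestriction><a:Audience>https://nw-host/sp</a:Audience></a:AudienceRestriction>
    </a:Conditions>
  </a:Assertion>
</p:Response>"""

def _ts(value):
    # Accepts SAML UTC timestamps with or without fractional seconds.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def triage(xml_text, issuer, audience, now):
    """Return the reasons a response would be rejected (empty list = passes)."""
    # No signature verification here: use only on responses from your own IDP.
    root = ET.fromstring(xml_text)
    problems = []
    code = root.find("p:Status/p:StatusCode", NS)
    if code is None or code.get("Value") != SUCCESS:
        problems.append("status is not Success")
    if root.findtext("a:Issuer", default="", namespaces=NS).strip() != issuer:
        problems.append("unexpected Issuer")
    cond = root.find("a:Assertion/a:Conditions", NS)
    if cond is None:
        return problems + ["no Assertion/Conditions"]
    nb, na = cond.get("NotBefore"), cond.get("NotOnOrAfter")
    if not nb or not na or not (_ts(nb) <= now < _ts(na)):
        problems.append("outside validity window (check clock skew)")
    audiences = [(e.text or "").strip()
                 for e in cond.findall("a:AudienceRestriction/a:Audience", NS)]
    if audience not in audiences:
        problems.append("Audience does not match this service provider")
    return problems

if __name__ == "__main__":
    now = datetime(2024, 1, 1, 10, 30, tzinfo=timezone.utc)
    print(triage(SAMPLE, "http://adfs.example.test/adfs/services/trust",
                 "https://nw-host/sp", now))
```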