HP Anyware Manager as a service SAML Multi Admin setup

Rate this Article
Average: 1 (1 vote)

May 26, 2022

Last modified: 09/03/2023, 6:07 pm

Knowledge Base Article Tutorial Authentication Management HP Anyware

To allow additional administrators to manage deployments within your HP Anyware Manager, you must configure your SAML

 

There are multiple Identity Provider (IDP) out there that you can use to integrate to HP Anyware Manager as long as SAML 2 integration is supported.
In theory this setup will also work in the HP Anyware Manager (standalone) as long as it has access to the IDP that supports SAML see page for more information.

In this tutorial we will be setting up the Multi admin using Azure as the IDP and this is only for individual user authentication.

Prerequisites:
Admin to the cam.teradici.com in order to access Multi Admin settings
Access to Azure console
You must have the correct permissions to your IDP otherwise you won't be able to create the SAML Toolkit

Steps:
Login to your Azure console
Then look for Azure Active Directory
image.png

On the Azure Active Directory blade look for Enterprise Application

image.png

In the All applications blade click New Application
image.png

Search for SAML toolkit and then click Azure AD SAML Toolkit
image.png

Type in your desired name and click Create
image.png

After the creation of the SAML Toolkit it will provide you an Overview click on the Single Sign-on
image.png

click SAML
image.png

You will be presented by the Setup Single Sign-On with SAML blade
image.png

Edit the Basic SAML Configuration and on another browser/tab login to cam.teradici.com and go to Multi Admin settings

On the Sign on URL section, copy the link from the Anyware Manager login page from the Multi Admin settings
image.png

Paste that information to the Sign on URL field
image.png

Then for the Identifier (Entity ID), copy the information from the Audience URL (Entity ID)
image.png
Paste to the Identifier (Entity ID) field
image.png

Click Add reply URL
Copy/paste the same information from the Assertion Consumer Service URL (callback URL)
image.png

To the Add reply URL field
image.png

Then click Save
image.png

After that go to SAML signing certificate from the Single sign-on blade and click download Federation Metadata XML
image.png

Go back to the Multi Admin settings and upload it to the IDP settings then click Save
image.png
Go back to the Configuration info tab and Enable the toggleimage.png
Go to the Allowed admins tab and type the email address of the additional administrator(s) and click Add Admin
image.png
Once the additional administrator had been added, that person can use the URL to login
image.png
Open a new browser/tab and use that URL in order to manage your deployment as the additional administrator
image.png
 


If you want to add a group instead of individual user

Go back to the SAML-based Single sign-on blade
Edit the Attributes & Claims
image.png

On the Attributes & Claims blade click the Add a group claim
image.png
Fill out the group that you need to add
image.png
Your group will be created after you click Save, copy the claim name of your group
image.png

Then go to the Multi admin settings and paste it to the Allowed groups and click Save
image.png


References: 
https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/saml-toolkit-tutorial
https://www.teradici.com/web-help/cas_manager_as_a_service/cam_admin_console/saml_configuration/#configure-cas-manager-as-a-saml-service-provider-to-enable-multi-admin