As described in Single Sign-On, Single Sign-On (SSO) enables users to log into Security Awareness Training using your organization's common authentication service.
This optional SSO solution is implemented with the OAUTH2 specification.
Enabling Single Sign-On
To enable Single Sign-On:
- Navigate to System > Single Sign On (OAUTH2).
- Click New.
- Complete the information in this section. If you need help with any of the information, ask the system administrators in your organization.
- Identity Provider Name – Enter a name to use as the label for the new SSO button on Barracuda Networks' Security Awareness Training login screen after you enable SSO. This name is not part of the SSO configuration itself.
- Discovery URI – (Optional, but recommended) If the identity provider has a discovery endpoint, enter it here. After you enter the URI, most of the other SSO configuration options are filled in automatically. If you do not have a Discovery URI, you must enter the information manually.
- Enter the Client ID and Client Secret you received from the identity provider when you set up the Security Awareness application.
- Enter the following values with information obtained from your identity provider. If you entered a valid Discovery URI in Step 3 above, these values are automatically entered for you.
  - User Informational Endpoint – Optional
  - Endpoint Authorization Method – Not always provided as part of the discovery process, but must be set to a value supported by the identity provider.
  - Endpoint Response Method – Not always provided as part of the discovery process, but must be set to a value supported by the identity provider.
  - Client Scopes – Must include the openid and email scopes.
- PKCE Enabled – Enable OAUTH2 Proof Key for Code Exchange (PKCE). PKCE allows the embedded application to authenticate without the need for the OAUTH2 Client Secret.
- Hidden – If checked, the login button for this SSO configuration will be hidden from the login form. This is used primarily for SSO configurations that are intended for the RestAPI OAUTH2/OIDC authentication.
After you have enabled the Single Sign On (OAUTH2) configuration, the SSO button appears on the top of the Security Awareness Training login form.
Navigate to System > User Manager to change the Authorization Type for affected users to Single Sign On (OAUTH2). For details, refer to User Management.
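Before entering a Discovery URI, you can check what the identity provider's discovery document actually advertises against the requirements listed above. The following is an added example, not part of the product or its documentation: the sample document is constructed, and the mapping of the form fields to the standard discovery metadata names (`token_endpoint_auth_methods_supported`, `response_modes_supported`, `code_challenge_methods_supported`) is an assumption.

```python
import json

# Constructed sample of an OpenID Connect discovery document (not a real provider).
SAMPLE_DISCOVERY = json.loads("""
{
  "issuer": "https://idp.example.com",
  "authorization_endpoint": "https://idp.example.com/oauth2/authorize",
  "token_endpoint": "https://idp.example.com/oauth2/token",
  "userinfo_endpoint": "https://idp.example.com/oauth2/userinfo",
  "scopes_supported": ["openid", "email", "profile"],
  "token_endpoint_auth_methods_supported": ["client_secret_basic"],
  "code_challenge_methods_supported": ["S256"]
}
""")

REQUIRED_SCOPES = {"openid", "email"}  # the Client Scopes requirement on this page


def preflight(doc, want_pkce=True):
    """Return (errors, warnings) for a parsed discovery document."""
    errors, warnings = [], []
    for key in ("issuer", "authorization_endpoint", "token_endpoint"):
        value = doc.get(key)
        if not isinstance(value, str) or not value:
            errors.append(f"missing {key}")
        elif not value.startswith("https://"):
            errors.append(f"{key} is not https")
    if "userinfo_endpoint" not in doc:
        warnings.append("no userinfo_endpoint (optional)")
    scopes = doc.get("scopes_supported")
    missing = REQUIRED_SCOPES - set(scopes or [])
    if scopes is None:  # providers may omit this list, so it is only a warning
        warnings.append("scopes_supported not advertised; confirm openid and email")
    elif missing:
        errors.append("missing scopes: " + ", ".join(sorted(missing)))
    # Assumed mapping: Endpoint Authorization Method / Endpoint Response Method.
    for key in ("token_endpoint_auth_methods_supported", "response_modes_supported"):
        if not doc.get(key):
            warnings.append(f"{key} not advertised; set this value manually")
    if want_pkce and "S256" not in doc.get("code_challenge_methods_supported", []):
        warnings.append("PKCE S256 not advertised; confirm support before enabling")
    return errors, warnings


if __name__ == "__main__":
    print(preflight(SAMPLE_DISCOVERY))
```

Any entry in the errors list means the automatically filled values should not be trusted as-is; warnings mark the fields that, as noted above, discovery does not always provide and that need to be set by hand.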