The Authentication feature allows you to set the authentication mode for a Partner and an Enterprise user.

To access the Authentication tab:
  1. In the Partner portal, click Administration from the top menu.
  2. From the left menu, click User Management, and then click the Authentication tab. The following screen appears:

Partner Authentication

Select one of the following Authentication modes:
  • Local: This is the default option and does not require any additional configuration.
  • Single Sign-On: Single Sign-On (SSO) is a session and user authentication service that allows SD-WAN Orchestrator users to log in to the SD-WAN Orchestrator with one set of login credentials to access multiple applications. Integrating the SSO service with SD-WAN Orchestrator improves the security of user authentication for SD-WAN Orchestrator users and enables SD-WAN Orchestrator to authenticate users from other OpenID Connect (OIDC)-based Identity Providers (IDPs).
    To enable Single Sign On (SSO) for SD-WAN Orchestrator, you must configure an Identity Provider (IDP) with details of SD-WAN Orchestrator. Currently, the following IDPs are supported. Click each of the following links for step-by-step instructions to configure an OpenID Connect (OIDC) application for SD-WAN Orchestrator in various IDPs:
    You can configure the following options when you select the Authentication Mode as Single Sign-on.
    Option Description
    Identity Provider Template From the drop-down menu, select your preferred Identity Provider (IDP) that you have configured for Single Sign On.
    Note: You can also manually configure your own IDPs by selecting Others from the drop-down menu.
    Organization Id This field is available only when you select the VMware CSP template. Enter the Organization ID provided by the IDP in the format: /csp/gateway/am/api/orgs/<full organization ID>. When you sign in to VMware CSP console, you can view the organization ID you are logged into by clicking on your username. A shortened version of the ID is displayed under the organization name. Click the ID to display the full organization ID.
    OIDC well-known config URL Enter the OpenID Connect (OIDC) configuration URL for your IDP. For example, the URL format for Okta will be: https://{oauth-provider-url}/.well-known/openid-configuration.
    Issuer This field is auto-populated based on your selected IDP.
    Authorization Endpoint This field is auto-populated based on your selected IDP.
    Token Endpoint This field is auto-populated based on your selected IDP.
    JSON Web KeySet URI This field is auto-populated based on your selected IDP.
    User Information Endpoint This field is auto-populated based on your selected IDP.
    Client ID Enter the client identifier provided by your IDP.
    Client Secret Enter the client secret code provided by your IDP, that is used by the client to exchange an authorization code for a token.
    Scopes This field is auto-populated based on your selected IDP.
    Role Type Select either of the following two options:
    • Use default role
    • Use identity provider roles
    Role Attribute Enter the name of the attribute set in the IDP to return roles.
    Partner Role Map Map the IDP-provided roles to each of the Partner user roles.

    Click Update to save the entered values. The SSO authentication setup is complete in the SD-WAN Orchestrator.

SSH Keys

You can create only one SSH Key per user. Click the User Information icon located at the top right of the screen, and then click My Account > SSH Keys to create an SSH Key.

As a Partner, you can also revoke an SSH Key.

Click the Refresh option to refresh the section to display the most current data.

For more information, see Configure User Account details.

Session Limits

Note: To view this section, an Operator user must navigate to Orchestrator > System Properties, and set the value of the system property session.options.enableSessionTracking to True.
The following are the options available in this section:
Option Description
Concurrent logins Allows you to set a limit on concurrent logins per user. By default, Unlimited is selected, indicating that unlimited concurrent logins are allowed for the user.
Session limits for each role Allows you to set a limit on the number of concurrent sessions based on user role. By default, Unlimited is selected, indicating that unlimited sessions are allowed for the role.
Note: The roles that are already created by the Partner in the Roles tab, are displayed in this section.

Click Update to save the selected values.