What changes from the BigFix user's perspective

From the BigFix user interfaces operator's perspective, this enhancement affects only authentication.

After enabling SAML authentication for LDAP users:
LDAP operators:
  • Must authenticate to the Web UI and to the Web Reports from the SAML identity provider only by accessing the following URLs:

    https://<WebUI_server> (for the Web UI server, assuming that it uses port 443)

    https://<Web_Reports_server>:8083 (for each Web Reports server, assuming that port 8083 is used)

    Note: The buttons and links to log out from the Web UI and the Web Reports redirect these users to a page where they can click a Re-authenticate button to get back to Web UI and Web Reports pages without having to log back on, unless the IdP login timeout has expired; in this case they are brought back to the IdP login page.
  • Must enable the Use SAML authentication check box in the Console login panel, if the BigFix server was configured to integrate with SAML V2.0.
    Console login panel with SAML check box enabled

    The selection is automatically validated and retained by BigFix for future login requests.

Local non-LDAP operators:
  • Log in to the Web UI or to the Web Reports by accessing the usual login URLs:

    https://<WebUI_server>/login (assuming that the Web UI is set on port 443)

    https://<Web_Reports_server>:8083/login (for each Web Reports server, assuming that Web Reports is set on port 8083)

  • Log in to the BigFix Console from the usual login panel ensuring that the Use SAML authentication check box is not selected.
    Note: If SAML is not enabled in the environment, the Use SAML authentication check box is greyed out.

After SAML is configured and enabled only local non-LDAP users will be able to log in using API; the 4-eyes authentication approvers must be local accounts.