Single sign-on with Passly

Decommission notice

There are two ways to authenticate with AuthAnvil (renamed Passly):

  • AuthAnvil Authenticator (called Legacy Authenticator in BMS)

  • Single Sign-on with Passly

AuthAnvil Authenticator was deprecated in November 2019 with the release of version 4.0.27. As of July 4, 2020, the current version is 4.0.34. AuthAnvil Authenticator is now scheduled for removal. All organizations must migrate to Passly Single Sign-on (SSO) by August 31, 2020. After this date, users will not be able to log in if your organization is using AuthAnvil Authenticator. For setup instructions, see below.

Single sign-on with Passly

This topic covers how to configure BMS to authenticate users with Passly using SAML based Single Sign-On (SSO).

  1. Create Passly group

  2. Add BMS to Passly

  3. Permissions

  4. Attribute Transformation

  5. Protocol Setup

  6. Download certificate

  7. Passly application assignment

  8. Setup BMS SSO

  9. Enable SSO for employees

Create Passly group

You need to have a Passly user group to associate with the BMS SSO configuration.

  1. In Passly, navigate to Directory Manager > Groups.

  2. Click the '+' button to create a new group.

  3. Give a name to your group.

  4. Click the Add Group button.

  5. Add users to the group.

Add BMS to Passly

  1. Navigate to SSO Manager.

  2. Click the '+' button followed by the book button.

  3. Search for 'Kaseya BMS' in the application catalog and select it.

  4. Check Application is Enabled.

  5. Click Add Application.

Permissions

  1. Navigate to the Permissions tab.

  2. Click Add Group.

  3. Select the group you created previously.

  4. Click Add Groups.

Attribute Transformation

  1. Navigate to the Attribute Transformation tab.

  2. Remove the CompanyName attribute.

  3. Save your changes.

  4. Click Add Custom Attribute Map.

  5. Add back the CompanyName attribute, referencing your tenant name.

  6. Click Add Mapping.

  7. Save your changes.


Protocol Setup

  1. Navigate to the Protocol Setup tab.

  2. For Assertion Consumer URL, change the base URL to the base URL of your BMS server. In the example below, the base URL is na1bmspreview.kaseya.com.

  3. For Service Entity ID, change the base URL to the base URL of your BMS server. In the example below, the base URL is na1bmspreview.kaseya.com.

  4. Save your changes.

Download certificate

  1. Navigate to the Signing and Encryption tab.

  2. Click Download.

Passly application assignment

  1. Navigate to Launchpad in the left menu.

  2. Right-click the BMS application, and copy the link to a text pad.

  3. Click the BMS application.

  4. Verify that you are redirected and logged into BMS.

Setup BMS SSO

  1. In BMS, navigate to Admin > My Company > Auth and Provision.

  2. On the Single Sign On tab, click Upload Certificate.

  3. Select the Passly certificate you previously downloaded.

  4. Set Enable Single Sign On via SAML to Yes.

  5. Paste the Passly login URL you copied above into the SAML Login Endpoint URL field. This enables user authentication with Passly from the BMS login page.

  6. Click Save.

Enable SSO for employees

  1. Navigate to HR > Employees.

  2. Select an employee.

  3. Under External Authentication Type, select SAML SSO.