Scenario for Single Sign-On (SSO) technology usage preparations

When working in combination with Kaspersky Security Center, you can use Single Sign-On (SSO) technology. This enables users that already logged in to the Kaspersky Security Center Web Console to also successfully complete authentication when connecting to the Kaspersky Industrial CyberSecurity for Networks Server through the web interface. This means that any user accounts that are allowed to work with the Kaspersky Security Center Web Console (including Active Directory users) can connect to the Server using their own account credentials.

Single Sign-On technology is available for use with Kaspersky Industrial CyberSecurity for Networks in the Kaspersky Security Center version 13.2 Web Console.

The Single Sign-On (SSO) technology usage preparations scenario consists of the following steps:

  1. Verifying and fulfilling the required conditions for interaction between Kaspersky Industrial CyberSecurity for Networks and Kaspersky Security Center

    At this step, you need to verify fulfillment of all conditions for interaction between Kaspersky Industrial CyberSecurity for Networks and Kaspersky Security Center. If any of the conditions is not fulfilled, ensure that they get fulfilled. For example, if the functionality for interacting with Kaspersky Security Center is not configured in Kaspersky Industrial CyberSecurity for Networks, enable and configure this functionality.

  2. Enabling and configuring the Kaspersky Security Center Web Console Identity and Access Manager (IAM) component

    This stage involves the completion of procedures for installing and configuring the Identity and Access Manager component in the Kaspersky Security Center Web Console. For detailed information about installing and configuring this component, please refer to the Kaspersky Security Center Help System.

    When configuring the IAM component, it is recommended to specify the DNS name of the computer as the network name of the device only if the computer is accessible by this name from the Kaspersky Industrial CyberSecurity for Networks Server computer. If it is accessible only by IP address, specify this IP address instead of the DNS name.

  3. Registering the Kaspersky Industrial CyberSecurity for Networks Server as a client for the IAM component

    At this step, the IAM component detects Kaspersky Industrial CyberSecurity for Networks Servers that are prepared for registration as clients for this component. You need to accept the request for Server registration after it is detected. Detected and registered clients of the IAM component are displayed in a table that you can open in the Kaspersky Security Center Web Console under Console settingsIntegrationIdentity and Access Manager. To register Servers, open the table by clicking the Settings link in the section containing information about registered clients, select the check boxes next to the relevant Servers, and click Approve.

    After you have confirmed registration of the IAM component client, you need to wait for the preparation process to finish. When synchronization between the IAM component and the client is completed, the ready status will be displayed for this client. If the status has not changed, click the Update button.

    The IAM component needs some time to detect clients and synchronize with them. Depending on the workload of the Kaspersky Security Center Administration Server and the Kaspersky Industrial CyberSecurity for Networks Server, it may take up to 15 minutes to complete these actions.

  4. Preparing users with access permissions for connecting to Kaspersky Industrial CyberSecurity for Networks

    At this step, you need to grant access permissions to Kaspersky Security Center users corresponding to the Administrator and Operator roles of Kaspersky Industrial CyberSecurity for Networks. For this purpose, you can use existing user accounts or new accounts of users and groups that were created specifically for granting only these permissions.

When this scenario is fulfilled, Kaspersky Industrial CyberSecurity for Networks will have the capability to connect to the Server through the web interface using the account credentials of Kaspersky Security Center users. To do so, you can use the Kaspersky Security Center user button on the account credentials input page for the Kaspersky Industrial CyberSecurity for Networks web interface.

Page top