Integrate with an Identity Provider
Foxpass integrates with your identity provider to spread SSO across your entire infrastructure. We also set up ongoing syncs with your identity provider, sfao any changes to your directory are instantly reflected in Foxpass. No more cumbersome steps. If you'd like users to maintain one password across the web, Wi-Fi®, VPN, machines, etc., follow these steps to help set it up.
How to integrate with your Identity Provider
- Set up sync for users & groups
- Go to the 'Directory Sync' page and find your primary identity provider. Enable sync as needed.
- You can sync only users or groups or sync them both at the same time. Sync runs every 10-20 minutes on average.
- User sync will automatically add new users into Foxpass or update any further information for them. Any users disabled or removed in your identity provider will be disabled in Foxpass.
- Group sync will create and manage group memberships in Foxpass according to group membership in your identity provider.
- You can check the status of your sync from the page after adding credentials.
- If you don't see your identity provider listed, contact us to add it as a source.
- Set up delegated authentication
- Delegated authentication allows users to maintain one password across their main identity provider and Foxpass. Select your identity provider in the 'Password authentication delegation' panel on the 'Authentication Settings' page.
- Subsequent LDAP and RADIUS requests check your identity provider's password instead of the one in Foxpass. Check the LDAP or RADIUS logs to see if the login attempts are succeeding.
- Note: Foxpass cannot always integrate with your identity provider if 2FA is turned on for their logins. If you'd like to keep 2FA on but still have users use one password across both services, read below for instructions on enabling Password Sync.
- Next Steps. Extra options for more advanced usage.
- Enable password sync. Password sync will push changes to a user's Foxpass password back to an identity provider. This allows users to keep one password and also keep 2FA enabled for their main identity provider. Check the bottom panel on the 'Authentication Settings' page to enable password sync. If you don't see the panel, contact us to add support for your identity provider.
Wi-Fi is a trademark of Wi-Fi Alliance®
Updated over 1 year ago