SSO SealedTunnel Setup
The SealedTunnel SSO Application allows you to make SealedTunnels accessible via the SSO portal for end-users.
SSO SealedTunnel cards in the SSO Portal allow users to switch tunnels on and off, enabling an additional layer of authentication to access resources.
SealedTunnel SSO Application Setup
- Navigate to the Applications tab on the left-side navigation.
- Find the card labeled SealedTunnel and click the purple Choose button inside the card.
- Click the purple + Add Application button in the top right.
- On the Add SealedTunnel screen, select the SSO Portal you would like to add the SealedTunnel card to.
- Provide a description of the tunnel's intended use in the Description field.
- After reviewing the information, click the purple Save button at the bottom.
- Back in the SealedTunnel application list, click the purple pencil button next to your newly created tunnel.
- On the Edit SealedTunnel screen, scroll down and click the + Add Mapping button.
- Provide a Description of the purpose of this specific Binding.
- In the Bind field, provide a Mapping for the SealedTunnel to connect on.
- Next, select an Exitpoint you would like to associate the Mapping with in the Exitpoint dropdown.
- After selecting an Exitpoint, you will see a list of available Mappings populated in the table below.
- Click the checkbox next to the Mapping you would like to associate with this Entrypoint mapping.
- After selecting your Mapping and reviewing the information, click the SAVE button.
- You will now see your Binding listed in the table within the Entrypoint.
- Click the SAVE button to save the Entrypoint with its new binding.
SealedTunnel Application Custom Variables
When configuring the SSO SealedTunnel Application in the Agent Configuration Portal, there is a Helper field that can be customized to provide users with pre-filled commands that make accessing endpoints more convenient.
Users can click a button to have the Helper commands copied to their clipboard.
Various Custom Variables are available for use to make these commands more intelligent.
In the guide below, we will use the following sample information:
Field | Value |
---|---|
Domain | example.com |
Username | exampleuser |
Map Address | 127.0.0.1 |
Map Port | 22 |
UPN Reference
If you would like to reference the UPN of a user within the directory service, use the $userad variable. For example:
$userad => exampleuser@example.com
Username Reference
To reference the username by itself (not the full UPN with the domain), use the $user variable. For example:
$user => exampleuser
SealedTunnel Loopback Address Reference
To reference the loopback address that the SealedTunnel is bound to for this Entrypoint/Exitpoint, use the $addr variable. For example:
$addr => 127.0.0.1
SealedTunnel Port Reference
To reference the port of the SealedTunnel binding, use the $port variable. For example:
$port => 22
SealedTunnel Bind Address Reference
To reference the full bind address of the SealedTunnel Entrypoint/Exitpoint (loopback address + port), use the $bind variable. For example:
$bind => 127.0.0.1:22
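To check a Helper command before saving it, the sketch below previews how a template would render with the sample values from the table above and lists any variable names that are not among the five documented ones. It is an added example, not the product's own code: the function names, the sample `ssh` template and the whole-token matching rule are assumptions.

```python
import re

# Sample values taken from the table on this page.
SAMPLE = {
    "domain": "example.com",
    "username": "exampleuser",
    "map_address": "127.0.0.1",
    "map_port": 22,
}

# Assumption: a variable is "$" followed by a name, matched as a whole token,
# so "$userad" is never read as "$user" followed by the letters "ad".
TOKEN = re.compile(r"\$[A-Za-z_]\w*")


def build_variables(sample):
    """Derive the five documented Custom Variables from the sample fields."""
    return {
        "$userad": f"{sample['username']}@{sample['domain']}",
        "$user": sample["username"],
        "$addr": sample["map_address"],
        "$port": str(sample["map_port"]),
        "$bind": f"{sample['map_address']}:{sample['map_port']}",
    }


def render_helper(template, sample=SAMPLE):
    """Return the template with known variables replaced; unknown ones stay as typed."""
    variables = build_variables(sample)
    return TOKEN.sub(lambda m: variables.get(m.group(0), m.group(0)), template)


def unknown_variables(template, sample=SAMPLE):
    """List $names in the template that are not documented Custom Variables."""
    known = build_variables(sample)
    return sorted({t for t in TOKEN.findall(template) if t not in known})


if __name__ == "__main__":
    # Constructed Helper template for the port-22 mapping in the sample table.
    helper = "ssh $user@$addr -p $port"
    print(render_helper(helper))
    print(unknown_variables("ssh $user@$host"))
```

A non-empty result from `unknown_variables` usually points to a typo in the Helper field that would otherwise reach the user's clipboard unexpanded.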