Migrate external IDPs from Custom Authentication to an authenticator
When you sign in to the management console using an external identity provider (IDP) that is configured for custom authentication, you must sign in using the 'Or sign in with your External Identity Provider' link with your external IDP credentials. Arctic Wolf recommends that you configure your external IDP as an authenticator and use an authentication policy to sign in from the main sign-in screen using your IDP credentials. Configuring your external IDP as an authenticator provides more granularity and flexibility in the authentication configuration.
To configure an external IDP to sign in to the management console from the main sign-in screen, perform these actions.
If you configured your existing IDP as an authenticator before December 2023 and you want to allow users to directly access the Endpoint Defense console from the IDP user portal, see Configure authentication for sign-in.
| Step | Action |
|---|---|
| | Review the Considerations for adding SAML authenticators. |
| | Sign in to the Endpoint Defense console with your external IDP. |
| | Configure the external IDP to communicate with Aurora Endpoint Security. |
| | Configure the Default Authentication policies for your tenant that use the authenticator that you created. Note: As a failsafe, create one user policy that only uses the Endpoint Defense console password and assign it to one administrator. |
| | Verify that the Allow Password Login check box (Settings > Application > Custom Authentication) is selected. This option allows you to log in to the console directly and use SSO. Enable this option to test your SSO settings without being locked out of the console. |
| | |
| | (Optional) Disable Custom Authentication (Settings > Application). |