Skip to main content

Set SAML Single Sign-On Authentication for Users

Abstract

How to set up SAML Single Sign-On (SSO) as an authentication method for your CloudConnexa users. Provide IdP management for user accounts.

Overview

SAML Single Sign-On (SSO) allows users to authenticate to CloudConnexa using an external identity provider (IdP), such as Okta, Microsoft Entra ID (Azure AD), OneLogin, or Ping Identity.

When SAML authentication is configured, CloudConnexa acts as the SAML Service Provider (SP) and redirects users to the configured IdP for authentication. After successful authentication, CloudConnexa can automatically create user accounts and assign user groups based on configured attribute mappings and user group mapping rules.

CloudConnexa supports:

  • SAML-based user authentication.

  • Automatic user provisioning at first sign-in.

  • User attribute mapping.

  • User group mapping based on SAML attributes.

Note

The Owner always uses the credentials (email and password) associated with the CloudConnexa account. SAML authentication applies only to Users and Administrators of the WPC.

Tip

If you want to offer SAML SSO alongside CloudConnexa Username & Password authentication, refer to Multiple Auth Methods.

Before you begin

Before configuring SAML authentication:

  • Ensure you have administrative access to your IdP.

  • Ensure your IdP supports SAML 2.0.

  • Identify the users or groups that should have access to CloudConnexa.

  • Gather the metadata required by your IdP and CloudConnexa.

Configure SAML SSO

To configure SAML SSO, follow these steps:

  1. Navigate to Settings → User Authentication.

  2. Select Edit.

  3. Select SAML Single Sign-On.

  4. Select Configure.

  5. Configure your identity provider using the information provided in the CloudConnexa Metadata section.

    Tip

    CloudConnexa acts as the SAML SP. Configure CloudConnexa as an application in your identity provider and grant access to the appropriate users. Refer to SAML configuration tutorials and authentication video tutorials.

  6. Select Next.

  7. Configure the attribute mappings used to map SAML attributes to CloudConnexa user fields.

  8. Select Next.

  9. Review the configuration, and select Confirm.

Important

If you replace an existing authentication method with SAML SSO instead of using Multiple Authentication Methods, users created with the previous authentication method are suspended until they authenticate with an enabled authentication method or are otherwise reconfigured.

Note

To set rules for mapping a specific SAML attribute's values to CloudConnexa User Groups, refer to SAML User Group Mapping.

What happens next

After successful authentication:

  • CloudConnexa creates the user account if it doesn't already exist.

  • User attributes are populated from the SAML assertion according to the configured attribute mappings.

  • Any configured SAML user group mapping rules may be applied.

  • The user appears in Users → Users.

Tutorial showing how to set SAML SSO for user authentication