Skip to main content

Set SAML Single Sign-On authentication for Users

Abstract

CloudConnexa supports one form of user authentication at a time. CloudConnexa (Email/Password) authentication is the default user authentication. SAML Single Sign-On authentication can be set up for user authentication.

CloudConnexa supports one form of user authentication at a time. CloudConnexa (Email/Password) authentication is the default user authentication. Other means of user authentication are SAML and LDAP. The authentication check is performed, as applicable, whenever the User/Administrator attempts to:

  1. Sign in to the User/Adminstration portal.

  2. Sign in with the OpenVPN Connect app to add a connection Profile.

  3. Connect to WPC using the OpenVPN Connect app.

Note

The Owner will always use the credentials (email and password) set when creating the CloudConnexa account for login, profile download, and connection. This SAML Single Sign-On authentication method applies to Users and Administrators of the WPC.

To set SAML Single Sign-On authentication as the user authentication method, follow the steps below:

Note

Users using the previous authentication method will be suspended upon changing the User Authentication method. For example, if User A was created with SAML authentication and the authentication method is changed to CloudConnexa (Username/Password), User A will be suspended.

  1. Navigate to Settings > User Authentication.

  2. Click Edit, which is located in the top right corner.

  3. Select the SAML Single Sign-On option.

  4. Click Configure.

  5. CloudConnexa acts as the SAML Service Provider (SP). CloudConnexa must be configured as an internet application Service Provider in your Identity Provider (for example, Okta, OneLogin, etc.) with the information provided in the CloudConnexa Metadata section. Appropriate users need to be granted access to the CloudConnexa application in the Identity Provider (IdP), and the Identity Provider information needs to be configured in the Identity Provider Metadata. Refer to SAML Configuration Tutorials and SAML Configuration Videos.

  6. Click Next, which is located in the bottom right.

  7. Provide the information to map the SAML attributes sent in response to the CloudConnexa User record fields in the Attribute Mapping section. Refer to SAML Configuration Tutorials and SAML Configuration Videos.

  8. Click Next, which is located in the bottom right.

  9. Verify the information, and click Confirm.

Note

To set rules for mapping a specific SAML attribute's values to CloudConnexa User Groups, refer to Set SAML Single Sign-On User Group Mapping Rules

On successful authentication, a User will be created and shown in the Users > Users table with the information received from the LDAP Server and mapped as per the Attribute Mapping configuration and User Group Mapping Rules.

Tutorial showing how to set SAML Single Sign-On for user authentication