Set SAML Single Sign-On Authentication for Users
How to set up SAML Single Sign-On (SSO) as an authentication method for your CloudConnexa users. Provide IdP management for user accounts.
Overview
SAML Single Sign-On (SSO) allows users to authenticate to CloudConnexa using an external identity provider (IdP), such as Okta, Microsoft Entra ID (Azure AD), OneLogin, or Ping Identity.
When SAML authentication is configured, CloudConnexa acts as the SAML Service Provider (SP) and redirects users to the configured IdP for authentication. After successful authentication, CloudConnexa can automatically create user accounts and assign user groups based on configured attribute mappings and user group mapping rules.
CloudConnexa supports:
SAML-based user authentication.
Automatic user provisioning at first sign-in.
User attribute mapping.
User group mapping based on SAML attributes.
Note
The Owner always uses the credentials (email and password) associated with the CloudConnexa account. SAML authentication applies only to Users and Administrators of the WPC.
Tip
If you want to offer SAML SSO alongside CloudConnexa Username & Password authentication, refer to Multiple Auth Methods.
Before you begin
Before configuring SAML authentication:
Ensure you have administrative access to your IdP.
Ensure your IdP supports SAML 2.0.
Identify the users or groups that should have access to CloudConnexa.
Gather the metadata required by your IdP and CloudConnexa.
Configure SAML SSO
To configure SAML SSO, follow these steps:
Navigate to Settings → User Authentication.
Select Edit.
Select SAML Single Sign-On.
Select Configure.
Configure your identity provider using the information provided in the CloudConnexa Metadata section.
Tip
CloudConnexa acts as the SAML SP. Configure CloudConnexa as an application in your identity provider and grant access to the appropriate users. Refer to SAML configuration tutorials and authentication video tutorials.
Select Next.
Configure the attribute mappings used to map SAML attributes to CloudConnexa user fields.
Tip
Refer to SAML configuration tutorials and authentication video tutorials.
Select Next.
Review the configuration, and select Confirm.
Important
If you replace an existing authentication method with SAML SSO instead of using Multiple Authentication Methods, users created with the previous authentication method are suspended until they authenticate with an enabled authentication method or are otherwise reconfigured.
Note
To set rules for mapping a specific SAML attribute's values to CloudConnexa User Groups, refer to SAML User Group Mapping.
What happens next
After successful authentication:
CloudConnexa creates the user account if it doesn't already exist.
User attributes are populated from the SAML assertion according to the configured attribute mappings.
Any configured SAML user group mapping rules may be applied.
The user appears in Users → Users.