SAML configuration for IdP-initiated sign on

If you want your users to sign in to the OpenVPN Cloud User Portal directly from your Identity Provider’s application dashboard, please follow the steps below:

NOTE: Sign in from the Identity Provider’s dashboard will not result in a VPN connection. Users will still need to establish a VPN connection using OpenVPN Connect client.

  1. First, carry out the steps below to find the value of the Relay State used during the SAML authentication
    1. Install and open SAML extension (https://chrome.google.com/webstore/detail/saml-devtools-extension/jndllhgbinhiiddokbeoeepbppdnhhio?hl=en-US) using Chrome web browser
    2. Login to OpenVPN Cloud as a user by opening https://[cloud-id].openvpn.com using the Chrome web browser
    3. Find and click on the resulting SAML response/request in the opened SAML extension
    4. Find and copy the value for RelayState(see the screenshot below)
    5. Paste the copied value into https://www.urldecoder.org/ and decode.
  2. Log into the Identity Provider’s administration portal and carry out these steps:
    1. Open the settings for the application configured to represent OpenVPN Cloud
    2. Copy decoded value from step 1.e and paste it in the Relay State or equivalent field
  3. After some time, changes will take effect on IdP side and users will be able to login to the OpenVPN Cloud User Portal from the Identity Provider’s application dashboard.