SAML configuration for IdP-initiated sign on
If you want your users to sign in to the OpenVPN Cloud User Portal directly from your Identity Provider’s application dashboard, please follow the steps below:
NOTE: Sign in from the Identity Provider’s dashboard will not result in a VPN connection. Users will still need to establish a VPN connection using OpenVPN Connect client.
- First, carry out the steps below to find the value of the Relay State used during the SAML authentication
- Install and open SAML extension (https://chrome.google.com/webstore/detail/saml-devtools-extension/jndllhgbinhiiddokbeoeepbppdnhhio?hl=en-US) using Chrome web browser
- Login to OpenVPN Cloud as a user by opening https://[cloud-id].openvpn.com using the Chrome web browser
- Find and click on the resulting SAML response/request in the opened SAML extension
- Find and copy the value for RelayState(see the screenshot below)
- Paste the copied value into https://www.urldecoder.org/ and decode.
- Log into the Identity Provider’s administration portal and carry out these steps:
- Open the settings for the application configured to represent OpenVPN Cloud
- Copy decoded value from step 1.e and paste it in the Relay State or equivalent field
- After some time, changes will take effect on IdP side and users will be able to login to the OpenVPN Cloud User Portal from the Identity Provider’s application dashboard.