
SAML Authentication

Abstract

OpenVPN Connect supports SAML authentication when configured on the server.

OpenVPN Connect supports SAML authentication with servers configured to use it. This authentication model relies on an external SAML identity provider (IdP) with a web interface. When you start a connection on OpenVPN Connect, the app receives instructions from the VPN server to open the web address of the SAML IdP to start the authentication process.

The authentication methods the IdP accepts, such as username and password or an MFA challenge, depend on the IdP configuration. The SAML IdP may also choose to use other methods, such as X.509 client-certificate authentication.

Here is the flow for SAML authentication for an imported profile:

  1. Launch OpenVPN Connect.

  2. Click or tap on the desired profile.

    • OpenVPN Connect opens the SAML IdP's web address in a browser as instructed by the server.

      Note

      OpenVPN Connect 3.4.4 on Windows prompts you to open the URL in your default browser and allows you to copy it to open it in the browser of your choice.

  3. Authenticate with the SAML IdP.

    • The server is informed of the successful authentication result, and your profile connects to the server.

  4. (Optional) You can close the web browser if it opens outside of OpenVPN Connect.
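Because the address opened in step 2 comes from the server, you can vet it before signing in, for example after copying it from the Windows prompt. The following is an added example, not OpenVPN code; the function name `vet_idp_url` and the hostname in `EXPECTED_IDP_HOSTS` are placeholders to replace with your own IdP's hostnames.

```python
from urllib.parse import urlsplit

# Assumption: replace with the hostnames of the IdP your organization uses.
EXPECTED_IDP_HOSTS = {"idp.example.com"}

def vet_idp_url(url, allowed_hosts=EXPECTED_IDP_HOSTS):
    """Return (ok, reason) for a URL the VPN client asks you to open."""
    # Reject characters that browsers and parsers may treat differently.
    if "\\" in url or any(c.isspace() or ord(c) < 0x20 for c in url):
        return False, "backslash, whitespace or control character"
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a non-numeric port
    except ValueError:
        return False, "malformed URL"
    if parts.scheme != "https":
        return False, "scheme is not https"
    # "https://idp.example.com@other.host/" really goes to other.host.
    if parts.username is not None or parts.password is not None:
        return False, "userinfo before the host"
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return False, "no host"
    # Non-ASCII or punycode labels can imitate the real IdP name.
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        return False, "internationalized host name"
    if port not in (None, 443):
        return False, "unexpected port"
    if host not in allowed_hosts:
        return False, "host is not an expected IdP"
    return True, "ok"

# Constructed sample URLs, not taken from any real deployment.
SAMPLES = [
    "https://idp.example.com/saml/sso?SAMLRequest=abc",
    "http://idp.example.com/saml/sso",
    "https://idp.example.com@login.example.net/saml/sso",
    "https://idp.example.com.example.net/saml/sso",
    "https://idp.example.com:8443/saml/sso",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        ok, reason = vet_idp_url(sample)
        print("OPEN " if ok else "BLOCK", sample, "-", reason)
```

Only the first constructed sample passes; the others are rejected for the reason named in the second element of the returned tuple.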

Important

SAML authentication requires configuration on the server you're connecting to. Ensure the server, such as CloudConnexa or Access Server, is configured as the service provider (SP) and that SAML authentication happens with an identity provider (IdP).