Skip to main content

SAML authentication with Access Server

Abstract

How to use SAML authentication with OpenVPN Connect and Access Server. Provide your users with SSO logins to connect to the VPN server.

You can sign into OpenVPN Connect with an identity provider (IdP) if your Access Server uses SAML authentication.

This tutorial provides an overview of the following:

  1. Import your profile into OpenVPN Connect with their SSO credentials.

  2. You're connected to Access Server using OpenVPN Connect.

Before you begin

Ensure you have the following:

Tip

We provide instructions below for two scenarios: SAML set as the default authentication method and SAML set as the user's authentication method. They provide different methods for importing a connection profile.

  • An Access Server account.

  • OpenVPN Connect installed.

Import your connection profile — SAML as the default authentication method

Follow these steps to import a connection profile for OpenVPN Connect when SAML is set as the default authentication method:

  1. Launch OpenVPN Connect.

  2. Click or tap on Add or click on the menu and select Import Profile.

  3. Enter the Client Web UI domain as the URL and click Next.

    • A message displays to proceed with authentication in a browser.

  4. Click Sign In.

    • The Client Web UI authentication page displays.

  5. Click Sign In Via SAML.

    • The IdP authentication page displays.

      Note

      OpenVPN Connect 3.4.4 on Windows prompts you to open the URL in your default browser and allows you to copy it to open it in the browser of your choice.

  6. Enter the username or email and password to sign in.

    • You're redirected to the Client Web UI's import page.

      Note

      You may also see a prompt for 2FA or MFA from your SSO provider if this extra step is enabled.

  7. Click Import profile in App.

    • OpenVPN Connect displays a confirmation message to import the profile.

  8. Click Confirm.

  9. The profile is imported, and you can click on it to connect.

Download your connection profile — SAML as the user's authentication method

Follow these steps to download a connection profile and import it into OpenVPN Connect when SAML is set as the user's authentication method:

  1. Open a web browser and navigate to your Client Web UI.

    • The authentication screen displays.

  2. Click Sign In via SAML.

    • You're redirected to your SAML IdP to sign in.

      Note

      OpenVPN Connect 3.4.4 on Windows prompts you to open the URL in your default browser and allows you to copy it to open it in the browser of your choice.

  3. Enter your IdP credentials and sign in.

    • The Client Web UI displays OpenVPN Connect and connection profile download options.

  4. Click on one of the Available Connection Profiles to download it.

    • The connection profile (.ovpn) starts to download.

  5. Once the download completes, open it.

    • OpenVPN Connect opens and asks you if you want to import the .ovpn profile.

  6. Click OK to import the profile.

    • The Imported Profile screen displays the details of the imported profile.

  7. Click Connect.

    • A browser window opens automatically to authenticate with the IdP and then displays the message: "SAML authentication assertion received," and you're connected to Access Server.

In this section: