Skip to main content

Configure SAML/SSO

Set up SAML/SSO for your organization

Prerequisites

This guide assumes the following:

Configure SAML/SSO for your organization

Beneath the "Users" and "Groups" pages on the right-hand navigation, administrators are presented a third link labeled "SSO." Only users belonging to the admin group on the Cloud Console can configure SSO.

Here, administrators configure and enable an SSO policy for their organization. An SSO policy may either be configured manually using the Manual Configuration modal, where IdP information is manually entered, or, policy information may be submitted using a metadata URL by clicking the Metadata URL tab and entering the URL provided by your IdP.

Configure SSO manually

To configure SSO manually, you must have the following information from your identity provider (IdP):

  • The IdP's SSO URL
  • The IdP's unique Entity ID
  • A x.509 security certificate provided by your IdP

To configure the policy manually:

  1. From the SSO configuration screen, enter the SSO URL, the Entity ID, and the provided X.509 Security Certificate.
  2. Click the Next button.
  3. Confirm that the information as displayed is correct.
  4. Click the Deploy SSO button to activate the policy.

Configure SSO using a metadata URL

If your IdP has provided an SSO metadata URL, an administrator can use this to configure SSO instead.

  1. From the SSO configuration screen, click the Metadata URL tab.
  2. Enter the metadata URL.
  3. Click the Next button.
  4. Confirm the information as displayed is correct.
  5. Click the Deploy SSO button to enable the policy.

Manage the SSO policy

Once an SSO policy is deployed, the SSO page contains its information. The policy may then be disabled, re-enabled (if disabled), or the policy may be edited from the SSO page.