Overview

...

Integrating Security Assertion Markup Language (SAML) with your Cloud Management Platform (CMP) account lets your Tenants log in to the CMP portal using single sign-on.

Support Matrix

...

CMP portal supports the following SAML configurations:

  • SAML version 2.0

  • Email Address based Authentication

Integrate CMP with SAML

...

Before you begin

...

  • Ensure that you create User Accounts in the Tenant IAM before you integrate your CMP account with SAML.

  • If you are a tenant, you’ll need to ask your Tenant Administrator to configure the SAML Provider for you.

Integrate CMP with SAML

...

To integrate your CMP account with SAML:

  1. Once your SAML Provider is configured, you’ll need to set the default identity provider. Setting the default identity provider lets you define role-based authentication behavior.

  2. The Tenant Authentication behavior will change based on the SAML Authentication configuration as shown below:

    • ROLE_CLOUD_ADMIN or ROLE_TENANT_ADMIN: Your tenants and Admins get a list of identity providers configured for these roles.

    • ROLE_USER ONLY: SAML is the default authentication. Tenants and Users with this role will not be able to see other authentication types while logging in to the CMP portal.

  3. A user or tenant is allowed to log in to the tenancy if the account is configured in the Tenant IAM.

Configure SAML

...

Before you begin

...

Note

  • If you change your CMP Base URL, you’ll have to perform an application restart.

  • Your tenant metadata must be updated in its Identity Provider (IDP).

  • Ensure that you create User Accounts in the Tenant IAM before you integrate your CMP account with SAML.

  1. Ensure that your CMP Base URL is properly configured in your System Settings.

  2. Retrieve your Metadata.xml file from the Tenant-specific SAML IDP.

  3. Your IDP SAML users should be configured using the following attributes:

    1. User Name

    2. First Name

    3. Last Name

    4. Email Address

Info: Download Metadata.xml file from CMP

  1. Log in to the CMP Portal with ROLE_TENANT_ADMIN role.

  2. Click Administration, and navigate to Users > Click Identity Providers > Click Download SP METADATA.

Configure CMP Tenant SAML Provider

...

To configure your CMP Tenant SAML Provider:

  1. Log in to the CMP portal with ROLE_TENANT_ADMIN access.

  2. Click Administration and navigate to Users > Click Identity Providers > Click New > Select SAML.

  3. Enter a Name for your SAML provider.
    Example
    HGCMP-TENANT1-SAML

  4. Copy the data from the Metadata.xml file retrieved in Step 2 of Before you begin.

  5. Paste the metadata in the IDP Metadata Document text box.

  6. Click Submit.

  7. Click the SAML Provider to review the details of your SAML IDP metadata.


Login to CMP using SAML

...

To log in to your CMP portal using SAML:

...