SAML 2.0 Integration
Overview
Integrating Security Assertion Markup Language (SAML) with your HyperCloud™ Platform (HCP) account lets your Tenants log in to the HCP portal using single sign-on.
Support Matrix
The HCP portal supports the following SAML configurations:
SAML version 2.0
Email Address based Authentication
Integrate HCP with SAML
Before you begin
Ensure that you create User Accounts in the Tenant IAM before you integrate your HCP account with SAML.
If you are a tenant, you’ll need to request your Tenant Administrator to configure the SAML Provider for you.
To integrate your HCP account with SAML:
Once your SAML Provider is configured, you’ll need to set the default identity provider. Setting the default identity provider lets you define role-based authentication behavior.
The Tenant Authentication behavior will change based on the SAML Authentication configuration as shown below:
ROLE_CLOUD_ADMIN or ROLE_TENANT_ADMIN: Your tenants and Admins get a list of identity providers configured for these roles.
ROLE_USER ONLY: SAML is the default authentication. Tenants and Users with this role will not be able to see other authentication types while logging in to the HCP portal.
A user or tenant will be allowed to log in to the tenancy if their account is configured in the Tenant IAM.
Configure HCP Tenant SAML Provider
Before you begin
Ensure that your HCP Base URL is properly configured in your System Settings.
Retrieve your Metadata.xml file from the Tenant-specific SAML IDP.
Your IDP SAML users should be configured using the following attributes:
User Name
First Name
Last Name
Email Address
You must also note that:
If you change your HCP Base URL, you’ll have to perform an application restart.
Your tenant metadata must be updated in its Identity Provider (IDP).
Ensure that you create User Accounts in the Tenant IAM before you integrate your HCP account with SAML.
Information: Download Metadata.xml file from HCP
Log in to the HCP Portal with the ROLE_TENANT_ADMIN role.
Click Administration, and navigate to Users > Click Identity Providers > Click Download SP METADATA.
To configure your HCP Tenant SAML Provider:
Log in to the HCP portal with ROLE_TENANT_ADMIN access.
Click on Administration and navigate to Users > Click on Identity Providers > Click on New > Select SAML.
Enter a Name for your SAML provider.
Example: HGCMP-TENANT1-SAML
Copy the data from the Metadata.xml file retrieved in Step 2 of the Before you begin section.
Paste the metadata in the IDP Metadata Document text box.
Click on Submit.
Click the SAML Provider to review the details of your SAML IDP metadata.
Log in to HCP using SAML
To log in to your HCP portal using SAML:
Enter the HCP portal URL in your browser.
Enter your Email or Tenant Email Address.
You’ll be redirected to SAML for authenticating your login based on the configured Tenant and ROLE.
© 2020 CloudSphere