Set up CloudDefense Single Sign-On (SSO)

If you use an SSO provider and want to give your developers easy access to CloudDefense through it, you can set up single sign-on through that provider. The information you need to establish trust between CloudDefense and the identity provider depends on which type of SSO you use.

Overview

Just a few simple steps are needed to establish trust between your identity provider (IdP) and CloudDefense.

  • In your identity provider platform, enter details about CloudDefense.

  • Provide CloudDefense with details from your IdP.

  • Confirm the login process is working correctly.

Depending on the type of SSO connection, different details are required to establish trust between your identity provider and CloudDefense. The following sections describe those details.

Use SAML for SSO

To establish trust with CloudDefense, add an ACS URL (Single Sign-On URL) in your identity provider.

  • The Assertion Consumer Service (ACS) is the endpoint on the CloudDefense network that listens for requests from your identity provider to enable communication between users on your network and CloudDefense. This URL is sometimes called a Reply URL.

If your identity provider needs further information, such as the Entity ID, it can be found in the CloudDefense metadata.

  • The Entity ID is the URL that uniquely identifies CloudDefense as a SAML entity (service provider). Note that the Entity ID must be checked manually, as no default is set for it.

Use these details to set up the connection with your Identity provider (IdP):

Details      Description
ACS URL      https://console.clouddefenseai.com/auth/realms/cdefense/broker/{organization-name}-saml/endpoint (can be found in the SAML (SSO) tab)
Entity ID    https://console.clouddefenseai.com/auth/realms/cdefense (can be found in the CloudDefense metadata)
Metadata

SAML information to provide to CloudDefense

Obtain the metadata URL from your identity provider and provide it to CloudDefense to establish trust on the service-provider side. The metadata contains the following information:

Details            Description
Sign-In URL        The URL for your identity provider's sign-in page
                   The identity provider's public key, encoded in Base64 format
                   Optional: the URL to redirect to whenever a user logs out of CloudDefense
Protocol binding   HTTP-POST is recommended; HTTP-Redirect is also supported
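The values in the table above all live in the IdP's SAML 2.0 metadata document. As an added example (not part of this page and not CloudDefense's own tooling), the following Python script parses a constructed metadata document, picks the SingleSignOnService endpoint with the preferred binding (HTTP-POST before HTTP-Redirect, matching the recommendation above), checks that the signing certificate is well-formed Base64 and that the endpoints use https, and returns the Sign-In URL, binding, certificate and optional logout URL. The sample metadata, its entityID and the certificate text are constructed placeholders; the element names are the standard SAML 2.0 metadata ones.

```python
import base64
import binascii
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
BINDING_PREFIX = "urn:oasis:names:tc:SAML:2.0:bindings:"
# HTTP-POST first because it is the recommended binding; HTTP-Redirect is also supported.
SUPPORTED_BINDINGS = ("HTTP-POST", "HTTP-Redirect")

# Constructed stand-in for the IdP signing certificate (a real one is a Base64 DER X.509 certificate).
FAKE_CERT_B64 = base64.b64encode(b"constructed placeholder, not a real X.509 certificate").decode()

# Constructed IdP metadata document; not taken from any real identity provider.
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://idp.example.com/saml">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>
        {FAKE_CERT_B64}
      </ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.com/saml/slo"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.com/saml/sso"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://idp.example.com/saml/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""


def _require_https(url, what):
    """Endpoints the service provider will send users or assertions to must be absolute https URLs."""
    parts = urlsplit(url or "")
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError(f"{what} must be an absolute https URL, got {url!r}")
    return url


def extract_idp_details(metadata_xml):
    """Return the values the table above asks for, taken from an IdP metadata document.

    For metadata fetched from an untrusted source, parse with defusedxml instead of the
    stdlib parser, which still expands internal entities.
    """
    root = ET.fromstring(metadata_xml)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("metadata contains no IDPSSODescriptor")

    # Collect SSO endpoints by binding, then take the most preferred supported one.
    sso_by_binding = {}
    for svc in idp.findall("md:SingleSignOnService", NS):
        binding = svc.get("Binding", "")
        if binding.startswith(BINDING_PREFIX):
            sso_by_binding[binding[len(BINDING_PREFIX):]] = svc.get("Location", "")
    binding = next((b for b in SUPPORTED_BINDINGS if b in sso_by_binding), None)
    if binding is None:
        raise ValueError(f"no SingleSignOnService with a supported binding: {sorted(sso_by_binding)}")

    # Signing certificate: prefer the key marked use="signing", else any key; must be valid Base64.
    cert_path = "/ds:KeyInfo/ds:X509Data/ds:X509Certificate"
    cert_el = idp.find("md:KeyDescriptor[@use='signing']" + cert_path, NS)
    if cert_el is None:
        cert_el = idp.find("md:KeyDescriptor" + cert_path, NS)
    cert_b64 = "".join((cert_el.text if cert_el is not None else "").split())
    if not cert_b64:
        raise ValueError("metadata contains no X509Certificate")
    try:
        base64.b64decode(cert_b64, validate=True)
    except binascii.Error as exc:
        raise ValueError("X509Certificate is not valid Base64") from exc

    slo = idp.find("md:SingleLogoutService", NS)
    return {
        "entity_id": root.get("entityID"),
        "sign_in_url": _require_https(sso_by_binding[binding], "Sign-In URL"),
        "binding": binding,
        "certificate": cert_b64,
        "logout_url": _require_https(slo.get("Location"), "logout URL") if slo is not None else None,
    }


if __name__ == "__main__":
    for key, value in extract_idp_details(SAMPLE_METADATA).items():
        print(f"{key}: {value}")
```

Run it against your IdP's real metadata by replacing SAMPLE_METADATA with the downloaded document; the returned sign_in_url, certificate and binding are the three values to enter on the CloudDefense side, and the script refuses metadata that offers only an unsupported binding or a certificate that does not decode.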

Use OpenID Connect (OIDC) for SSO (using Okta)

When using OIDC for the connection between your identity provider and CloudDefense, add the callback/redirect URI in your identity provider to establish trust with CloudDefense.

Details                  Description
Callback/Redirect URIs   https://console.clouddefenseai.com/auth/realms/cdefense/broker/{organization-name}/endpoint (can be found in the Okta (SSO) tab)

OIDC information to provide to CloudDefense

Get the following information from your identity provider and provide it to CloudDefense to establish trust on the service-provider side.

Details         Description
Client ID       The public identifier of the client application, unique within your authorization server
Client Secret   Needed to obtain an access token
Domain          The IdP domain
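To see how the redirect URI, Client ID and Client Secret from the two tables above are actually used once trust is established, here is an added Python example (not CloudDefense's own code and not what its broker literally runs) of the service-provider side of the OIDC authorization code flow: it builds the authorization request with state, nonce and PKCE, refuses any redirect URI that is not exactly the registered one, validates the IdP's callback against the remembered state, and assembles the back-channel token request. The domain, client ID and organization name are placeholders, and the authorization endpoint path /oauth2/v1/authorize is assumed to be the Okta org authorization server; check your own IdP's discovery document for the real value.

```python
import base64
import hashlib
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Placeholders standing in for the rows in the tables above; not real credentials.
OKTA_DOMAIN = "dev-000000.okta.com"        # "Domain" row: host name only, no scheme or path
CLIENT_ID = "PLACEHOLDER_CLIENT_ID"        # "Client ID" row
ORGANIZATION_NAME = "acme"                 # assumed {organization-name} value
# The callback/redirect URI registered with the IdP, following the pattern shown on the page.
REGISTERED_REDIRECT_URIS = {
    f"https://console.clouddefenseai.com/auth/realms/cdefense/broker/{ORGANIZATION_NAME}/endpoint",
}
# Assumed Okta org authorization server endpoint; confirm against the IdP's discovery document.
AUTHORIZE_ENDPOINT = f"https://{OKTA_DOMAIN}/oauth2/v1/authorize"
TOKEN_ENDPOINT = f"https://{OKTA_DOMAIN}/oauth2/v1/token"


def pkce_challenge(code_verifier):
    """S256 PKCE challenge: base64url(SHA-256(verifier)) without padding."""
    digest = hashlib.sha256(code_verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def build_authorization_request(redirect_uri, scopes=("openid", "profile", "email")):
    """Return the URL to send the browser to, the query parameters, and the per-login secrets to keep server-side."""
    # Exact string comparison, never prefix or pattern matching: the IdP enforces the same rule.
    if redirect_uri not in REGISTERED_REDIRECT_URIS:
        raise ValueError(f"redirect_uri {redirect_uri!r} is not registered with the IdP")
    state = secrets.token_urlsafe(32)          # ties the callback to this browser session (CSRF protection)
    nonce = secrets.token_urlsafe(32)          # echoed back inside the ID token, ties it to this request
    code_verifier = secrets.token_urlsafe(64)  # PKCE: an intercepted authorization code is useless without it
    params = {
        "client_id": CLIENT_ID,
        "response_type": "code",
        "scope": " ".join(scopes),
        "redirect_uri": redirect_uri,
        "state": state,
        "nonce": nonce,
        "code_challenge": pkce_challenge(code_verifier),
        "code_challenge_method": "S256",
    }
    session = {"state": state, "nonce": nonce, "code_verifier": code_verifier, "redirect_uri": redirect_uri}
    return {"url": f"{AUTHORIZE_ENDPOINT}?{urlencode(params)}", "params": params, "session": session}


def parse_callback(callback_url, session):
    """Validate the IdP's redirect back to the registered URI and return the authorization code."""
    parts = urlsplit(callback_url)
    if f"{parts.scheme}://{parts.netloc}{parts.path}" != session["redirect_uri"]:
        raise PermissionError("callback arrived at a URI other than the one the request was issued for")
    query = parse_qs(parts.query)
    if "error" in query:
        raise PermissionError(f"IdP returned error: {query['error'][0]}")
    if not secrets.compare_digest(query.get("state", [""])[0], session["state"]):
        raise PermissionError("state mismatch: callback does not belong to this login attempt")
    code = query.get("code", [""])[0]
    if not code:
        raise PermissionError("callback carries no authorization code")
    return code


def token_request(code, session):
    """Endpoint and form fields for the back-channel code exchange.

    With client_secret_basic the Client Secret travels in the HTTP Basic Authorization
    header of this request, not in the browser; it never appears in a redirect URL.
    """
    body = {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": session["redirect_uri"],  # must equal the value used in the authorization request
        "client_id": CLIENT_ID,
        "code_verifier": session["code_verifier"],
    }
    return TOKEN_ENDPOINT, body


if __name__ == "__main__":
    request = build_authorization_request(next(iter(REGISTERED_REDIRECT_URIS)))
    print(request["url"])
```

The two checks worth copying into any relying-party code are the exact-match redirect URI comparison before the request is built and the state comparison when the callback arrives; the nonce in the session is what you later compare against the nonce claim of the ID token, and the code_verifier is what makes a leaked authorization code unusable on its own.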
