Set up CloudDefense Single Sign-On (SSO)
Do you use an SSO provider and want to give your developers easy access to CloudDefense through it? If so, you can set up single sign-on through that provider. The information you need to establish trust between CloudDefense and your identity provider depends on which type of SSO you are using.
Only a few steps are needed to establish trust between your identity provider (IdP) and CloudDefense:
1. In your identity provider platform, enter details about CloudDefense.
2. Provide CloudDefense with details from your IdP.
3. Confirm that the login process works correctly.
Depending on the type of SSO connection, different details are required to establish trust between your identity provider and CloudDefense. The following sections describe those details for SAML and for OIDC.
For a SAML connection, establish trust with CloudDefense by adding the ACS URL (also called the Single Sign On URL) in your identity provider.
The Assertion Consumer Service (ACS) is the endpoint on the CloudDefense side that listens for SAML responses from your identity provider, enabling communication between users on your network and CloudDefense. This URL is sometimes called a Reply URL.
If your identity provider needs further information, such as the Entity ID, it can be found in the CloudDefense metadata.
The Entity ID is the URL that uniquely identifies CloudDefense as a SAML entity (the service provider). Note that the Entity ID must be checked manually, because no default is set for it.
Use these details to set up the connection in your identity provider (IdP):
ACS URL: https://console.clouddefenseai.com/auth/realms/cdefense/broker/{organization-name}-saml/endpoint (shown in the SAML (SSO) tab)
Entity ID: https://console.clouddefenseai.com/auth/realms/cdefense (shown in the CloudDefense metadata)
Metadata
Obtain the metadata URL from your identity provider and provide it to CloudDefense to establish trust on the service-provider side. The metadata contains:
Sign-In URL: the URL of your identity provider's sign-in page
Public key: the identity provider's public key, encoded in Base64
Logout redirect URL (optional): the URL users are redirected to whenever they log out of CloudDefense
Protocol binding: HTTP-POST is recommended; HTTP-Redirect is also supported
When using OIDC for the connection between your identity provider and CloudDefense, add the following Callback/Redirect URI in your identity provider to establish trust with CloudDefense:
Callback/Redirect URIs: https://console.clouddefenseai.com/auth/realms/cdefense/broker/{organization-name}/endpoint (shown in the Okta (SSO) tab)
Then get the following information from your identity provider and provide it to CloudDefense to establish trust on the service-provider side:
Client ID: the public identifier that is unique to your authorization server
Client Secret: needed to obtain an access token
Domain: your IdP's domain