As described in Using SAML for Single-Sign-On, Lumen Cloud supports the use of Security Assertion Markup Language (SAML) for exchanging user authentication data as XML between trusted parties. This industry standard protocol empowers customers to use their own SAML-supported identity management system for authenticating users of the Lumen Control Portal. Now, with the addition of the Require SAML for Login option provided by Control Portal, customers can force users to authenticate through their identity providers to enable additional identity management features like multi-factor authentication (MFA) and user provisioning. This way, the Lumen Cloud platform can provide flexible, standards-based capabilities while allowing an organization to keep the nuts-and-bolts of their IdM configurations in their pre-existing systems.

For more details on how SAML works in general and how to specifically set up an ADFS IdP for use with Control Portal, refer to Using SAML for Single-Sign-On. In the example below, however, we will use a separate software-as-a-service vendor as the identity provider in order to also enforce multi-factor authentication. The following steps will walk through the process of configuring the IdP to add users, enabling MFA and SAML, and configuring Lumen Control Portal's SAML settings to enforce the use of the IdP. In this example, we will use the cloud-based identity and access management solution OneLogin as our identity provider since it is free to use as a demo, easy to set up, and supports both SAML and MFA. Though we are using OneLogin in our example here, of course the principles will apply for any IdP with support for SAML and MFA.

The steps below assume you have already signed up for a OneLogin account and are able to log in to its administrator interface.

1. In the Lumen Cloud Control Portal, from the Account Settings page, navigate to the "Users" tab and the "Authentication" sub-menu.
2. Click the "SAML 2.0 Authentication" checkbox to show all the available settings. For now, just take note of the "Relying Party Assertion Consumer Service URL" listed there. It should be in the format of (Highlighted in the screenshot below.)

1. Now log in to the OneLogin end-user dashboard.
2. From the "Apps" menu, select "Add Apps".
3. In the search field, type "onelogin saml" and select the first app that shows up. It should be called "OneLogin SAML Test (IdP)".
4. Rename this app to "Lumen Cloud Control Portal" and click the "Save" button.
5. Now, on the "Configuration" tab, enter the URL you copied from Step 2 in the section above into the "SAML Consumer URL" field. Optionally, you may provide other values in the additional fields if you know them. (You will find the Single Logout URL also available on the Control Portal page from Step 2 above.)
6. Click the "Save" button in the upper right hand corner to save the OneLogin configuration. There are a number of other settings that OneLogin supports or that may be supported by other IdPs, but this is the minimal configuration required on the OneLogin side for SAML authentication to work.
7. While still in the OneLogin administrator interface, click on the "SSO" tab to view SAML configuration information required to plug in to the Control Portal settings. You should see a SAML 2.0 Endpoint and an X.509 Certificate. Both of these values are required to configure SAML in Lumen Cloud Control Portal.

Back in the Control Portal Authentication settings page, check the "Require SAML for Login" option and the "Apply to all Sub Accounts" options. This will require SAML login only for this account and all sub accounts.
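
A check that fits this procedure, added here as an example and not taken from the original article or from Lumen or OneLogin: before turning on "Require SAML for Login", decode a test SAMLResponse form value captured from the browser and confirm it is addressed to the Relying Party Assertion Consumer Service URL that was entered as the "SAML Consumer URL". The URLs, issuer and sample response below are constructed placeholders, and the signature is not verified here.

```python
import base64
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Constructed placeholders, not real Lumen or OneLogin values.
ACS_URL = "https://portal.example.test/saml/acs"
IDP_ISSUER = "https://idp.example.test/saml/metadata"

def sample_response(destination, recipient, not_on_or_after):
    """Build a constructed, unsigned, trimmed SAMLResponse form value."""
    xml = f"""<samlp:Response xmlns:samlp="{NS['p']}" xmlns:saml="{NS['a']}"
      Destination="{destination}"><saml:Issuer>{IDP_ISSUER}</saml:Issuer>
      <samlp:Status><samlp:StatusCode
        Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
      <saml:Assertion><saml:Subject><saml:SubjectConfirmation>
        <saml:SubjectConfirmationData Recipient="{recipient}"
          NotOnOrAfter="{not_on_or_after}"/>
      </saml:SubjectConfirmation></saml:Subject></saml:Assertion></samlp:Response>"""
    return base64.b64encode(xml.encode()).decode()

def check_response(b64_value, acs_url, issuer, now):
    """Return a list of addressing problems. The signature is NOT verified."""
    root = ET.fromstring(base64.b64decode(b64_value))
    problems = []
    if root.get("Destination") != acs_url:
        problems.append("Destination differs from ACS URL")
    if (root.findtext("a:Issuer", "", NS) or "").strip() != issuer:
        problems.append("unexpected Issuer")
    code = root.find("p:Status/p:StatusCode", NS)
    if code is None or not code.get("Value", "").endswith(":Success"):
        problems.append("status is not Success")
    scd = root.find(".//a:SubjectConfirmationData", NS)
    if scd is None:  # also the case when the assertion is encrypted
        return problems + ["no SubjectConfirmationData"]
    if scd.get("Recipient") != acs_url:
        problems.append("Recipient differs from ACS URL")
    expiry = scd.get("NotOnOrAfter")
    if not expiry:
        problems.append("no NotOnOrAfter")
    elif datetime.fromisoformat(expiry.replace("Z", "+00:00")) <= now:
        problems.append("assertion expired")
    return problems

if __name__ == "__main__":
    now = datetime(2029, 1, 1, tzinfo=timezone.utc)  # fixed clock for the demo
    for acs in (ACS_URL, ACS_URL + "/"):  # second value simulates a typo
        resp = sample_response(acs, acs, "2030-01-01T00:05:00Z")
        print(check_response(resp, ACS_URL, IDP_ISSUER, now))
```

An empty list means the response is addressed as configured; the service provider still has to validate the signature against the IdP's X.509 certificate.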