Set up CloudDefense.AI Single Sign-On (SSO)

Modified on Wed, 11 Oct, 2023 at 7:46 PM



If you use an SSO provider and want to give your developers easy access to CloudDefense.AI through it, you can set up single sign-on via that provider. The information you need to establish trust between CloudDefense.AI and your identity provider depends on which type of SSO you use.

Overview

Only a few steps are needed to establish trust between your identity provider (IdP) and CloudDefense.AI:
  • In your identity provider platform, enter details about CloudDefense.AI.
  • Provide CloudDefense.AI with details from your IdP.
  • Confirm that the login process works correctly.
Depending on the type of SSO connection, different details are required to establish trust between your identity provider and CloudDefense.AI. The following sections describe those details.


Use SAML for SSO

To establish trust with CloudDefense.AI, add the ACS URL (also called the Single Sign On URL) in your identity provider.
  • The Assertion Consumer Service (ACS) is the endpoint on the CloudDefense.AI side that listens for responses from your identity provider, enabling communication between users on your network and CloudDefense.AI. This URL is sometimes called a Reply URL.
If further information such as the Entity ID is needed, it can be found in the CloudDefense metadata.
  • The Entity ID is the URL that uniquely identifies CloudDefense as a SAML entity (service provider). Note that the Entity ID must be checked manually, as no default value is set for it.
Use these details to set up the connection with your identity provider (IdP):


Details     Description
ACS URL     https://console.clouddefenseai.com/auth/realms/cdefense/broker/{organization-name}-saml/endpoint (can be found in the SAML (SSO) tab)
Entity ID   https://console.clouddefenseai.com/auth/realms/cdefense (can be found in the CloudDefense metadata)
Metadata

SAML information to provide to CloudDefense

Obtain the metadata URL from your identity provider and provide it to CloudDefense to establish trust on the service-provider side. The metadata contains the following information:


Details            Description
Sign-In URL        The URL of your identity provider's sign-in page
Public key         The identity provider's public key, encoded in Base64 format
Sign-out URL       Optional. The URL to redirect to whenever a user logs out of CloudDefense
Protocol binding   HTTP-POST is recommended; HTTP-Redirect is also supported

Use OpenID Connect (OIDC) for SSO (using Okta)

When using OIDC for the connection between your identity provider and CloudDefense, add the Callback/Redirect URI in your identity provider to establish trust with CloudDefense.


Details                  Description
Callback/Redirect URIs   https://console.clouddefenseai.com/auth/realms/cdefense/broker/{organization-name}/endpoint (can be found in the Okta (SSO) tab)

OIDC information to provide to CloudDefense

Get the following information from your identity provider. Provide this information to CloudDefense to establish trust on the service-provider side.


Details         Description
Client ID       The public identifier, unique to your authorization server
Client Secret   Needed to obtain an access token
Domain          The domain of your identity provider
