Recent Searches

    Popular Articles

      Articles
      View all
        Topics
        View all
          Tickets
          View all
            no results

            Sorry! nothing found for

            Set up CloudDefense.AI Single Sign-On (SSO)

            Modified on Wed, 11 Oct 2023 at 07:46 PM



            Do you use an SSO provider and want to allow your developers easy access to CloudDefense.AI via that? In this case, you can set up a single sign-on through your provider. The information you need to establish trust between CloudDefense.AI and the identity provider depends on which type of SSO you are using.

            Overview

            Just a few simple steps are needed to establish trust between your identity provider (IdP) and CloudDefense.AI.
            • In your identity provider platform, enter details about the CloudDefense.AI 
            • Provide CloudDefense.AI with details from your IdP. 
            • Confirm the login process is working correctly.
            Depending on the type of SSO connection different details are required for establishing the trust between your identity provider and CloudDefense.AI. The following sections elucidate those details.


            Use SAML for SSO

            To establish trust with CloudDefense.AI, add an ACS URL/Single Sign On URL. 
            • The Assertion Consumer Service (ACS) is the endpoint on the CloudDefense.AI network that listens for requests from your identity provider to enable communication between users on your network and CloudDefense.AI This URL is sometimes called a Reply URL. 
            If some more information is needed such as Entity ID etc. it can be found in CloudDefense metadata. 
            • The Entity ID is the URL that uniquely identifies CloudDefense as a SAML entity or service provider--note, default Entity ID must be checked manually as no default is set for this.
            Use these details to set up the connection with your Identity provider (IdP):


            Details
             Description 
            ACS URL
            https://console.clouddefenseai.com/auth/realms/cdefense/broker/{organization-name}-saml/endpoint *can be found in SAML (SSO) tab
            Entity ID
            https://console.clouddefenseai.com/auth/realms/cdefense *can be found in CloudDefense metadata
            Metadata







            SAML information to provide to CloudDefense

            Obtain metadata URL from your identity provider. Provide this information to CloudDefense to establish trust on the service-provider side. Information contained in metadata:


            Details
            Description
            Sign-In URL
            The URL for your identity provider sign-in page
            The URL for your identity provider sign-in page
            The identity provider public key, encoded in Base64 format
            The identity provider public key, encoded in Base64 format
            Optional - The URL for redirect whenever a user logs out of CloudDefense
            Protocol binding
            HTTP-POST is recommended, HTTP-Redirect is also supported

            Use OpenID Connect (OIDC) for SSO (using Okta)

            When using OIDC for the connection between your Identity provider and CloudDefense, add the Callback/Redirect URIs in your identity provider to establish trust with CloudDefense.


            Details
            Description
            Callback/Redirect URIs
            https://console.clouddefenseai.com/auth/realms/cdefense/broker/{organization-name}/endpoint *can be found in Okta (SSO) tab

            OIDC information to provide to CloudDefense

            Get the following information from your identity provider. Provide this information to CloudDefense to establish trust on the service-provider side.


            Details
            Description
            Client ID
            The public identifier unique for your authorization server
            Client Secret
            Needed to get access token
            Domain
            IdP domain

            Was this article helpful?

            That’s Great!

            Thank you for your feedback

            Sorry! We couldn't be helpful

            Thank you for your feedback

            Let us know how can we improve this article!

            Select atleast one of the reasons

            Feedback sent

            We appreciate your effort and will try to fix the article

            Preview
            0 of 0