docs/vendor/team-management-saml-auth.md
21 additions & 20 deletions
@@ -4,21 +4,19 @@ This topic describes how to enable or disable SAML authentication for the Replic
4
4
5
5
## About Using SAML with the Vendor Portal
6
6
7
-
After starting out with Replicated, most teams grow, adding more developers, support engineers, and sales engineers. Eventually, managing access to the Vendor Portal can become difficult. Replicated supports logging in using SAML, which lets you manage access (provisioning and unprovisioning accounts) through your SAML identity provider.
7
+
After starting out with Replicated, most teams grow, adding more developers, support engineers, and sales engineers. Eventually, managing access to the Vendor Portal can become difficult. Replicated supports logging in using SAML, which lets you manage access (provisioning and deprovisioning accounts) through your SAML identity provider.
8
8
9
9
Using SAML, everyone on your team logs in with their existing usernames and passwords through your identity provider's dashboard. Users do not need to sign up through the Vendor Portal or log in with a separate Vendor Portal account, simplifying their experience.
10
10
11
-
### Service ProviderInitiated Login
11
+
### Service Provider-Initiated Login
12
12
13
-
You can start the SAML sign-in flow directly from the Vendor Portal. Go to the SAML login page at `https://vendor.replicated.com/login-saml`. Based on your team's SAML configuration, the Vendor Portal redirects you to your identity provider to complete authentication. IdP-initiated login from your identity provider dashboard is also supported. By default this only works for existing and invited users, however your account team can optionally enable JIT provisioning of users who input email addresses that match your team's domain (this will redirect any email with @domain.com to your IDP for auth.)
13
+
You can start the SAML sign-in flow directly from the Vendor Portal on the SAML login page at `https://vendor.replicated.com/login-saml`. Based on your team's SAML configuration, the Vendor Portal redirects you to your identity provider to complete authentication.
14
14
15
-
### Enabling SAML in Your Vendor Account
16
-
17
-
To enable SAML in your Vendor Portal account, you must have an Enterprise plan. For access to SAML, you can contact Replicated through [Support](https://vendor.replicated.com/support). For information about the Enterprise plan, see [pricing](https://www.replicated.com/pricing/).
15
+
IdP-initiated login from your identity provider dashboard is also supported. By default, this only works for existing and invited users. However, your account team can optionally enable JIT provisioning of users who input email addresses that match your team's domain. This will redirect any email with `@domain.com` to your IDP for authentication.
18
16
19
17
### SCIM
20
18
21
-
For automated user provisioning and deprovisioning, you can enable System for Cross-domain Identity Management (SCIM). SCIM requires SAML to be configured first. For more information, see [Manage SCIM Provisioning (Beta)](team-management-scim-provisioning).
19
+
For automated user provisioning and deprovisioning, you can also enable System for Cross-domain Identity Management (SCIM). SCIM requires SAML to be configured first. For more information, see [Manage SCIM Provisioning (Beta)](team-management-scim-provisioning).
22
20
23
21
### Compatibility with Two-Factor Authentication
24
22
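Review bot: the new IdP-initiated paragraph (added line 15) mixes `IdP` and `IDP` in the same sentence; settle on one spelling (the rest of the doc uses `IDP`). It is also ambiguous whether "By default, this only works for existing and invited users" refers to IdP-initiated login specifically or to SAML login in general, and the JIT sentence should state its access-control consequence plainly: once domain-based JIT provisioning is enabled, any user your identity provider authenticates with an `@domain.com` email gets a Vendor Portal account without an invitation, so team membership is then governed by the identity provider's app assignments rather than by the Vendor Portal invite list.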
@@ -28,18 +26,25 @@ If SAML authentication is configured for your team, Replicated two-factor authen
28
26
29
27
Replicated supports Role Based Access Control (RBAC) in the Vendor Portal. To use RBAC with SAML, you must configure policies and add users to the policies by their username. Usernames are the identity of the user in your identity provide (IDP). Typically, this username is the full email address. For more information about configuring RBAC, see [Configure RBAC Policies](team-management-rbac-configuring).
30
28
31
-
## Downloading Certificates from Supported SAML providers
29
+
## Supported SAML Providers
32
30
33
-
You must retrieve the metadata and x.509 public certificate files from your SAML provider before configuring SAML in the Vendor Portal. The certificate file must be in PEM format.
31
+
Replicated tests several SAML providers, but the service should be compatible with any SAML 2.0 compliant service provider.
34
32
35
-
Replicated tests several SAML providers, but the service should be compatible with any SAML 2.0 compliant service provider. We provide full support for the following SAML providers:
33
+
Replicated provides full support for the following SAML providers:
36
34
37
-
* Okta. For more information about integrating Okta with Replicated, see [Configure Okta](#configure-okta).
35
+
* Okta
38
36
* OneLogin
39
37
* Duo
40
38
39
+
## Configure and Enable SAML
40
+
41
+
### Prerequisites
42
+
43
+
* To enable SAML in your Vendor Portal account, you must have an Enterprise plan. For access to SAML, you can contact Replicated through [Support](https://vendor.replicated.com/support). For information about the Enterprise plan, see [pricing](https://www.replicated.com/pricing/).
41
44
42
-
## Configure Okta
45
+
* Download certificates from supported SAML providers: You must retrieve the metadata and x.509 public certificate files from your SAML provider before configuring SAML in the Vendor Portal. The certificate file must be in PEM format.
46
+
47
+
### Configure Okta
43
48
44
49
The first part of the Vendor Portal and Okta integration is configured in the Okta dashboard. This configuration lets you download the XML Metadata file and x.509 public certificate in PEM format required for the SAML authentication.
45
50
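Review bot: the `* Okta` bullet drops its cross-link to the Okta section even though `### Configure Okta` survives in this hunk with the same `#configure-okta` anchor; consider keeping `* Okta. See [Configure Okta](#configure-okta).` The Prerequisites bullet "Download certificates from supported SAML providers: You must retrieve the metadata..." reads as a heading glued to a sentence; rewrite it as one sentence, for example "* Retrieve the XML metadata file and x.509 public certificate (in PEM format) from your SAML provider before configuring SAML in the Vendor Portal." Renaming `## Downloading Certificates from Supported SAML providers` to `## Supported SAML Providers` also changes the generated anchor, so any other page still linking to `#downloading-certificates-from-supported-saml-providers` needs updating.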
@@ -73,18 +78,14 @@ To configure Okta and download the required files:
73
78
74
79
1. Click **Identity provider metadata** to download the Metadata.xml file. This likely opens an XML download that you can right-click and select **Save Link As…** to download this file.
75
80
76
-
### Next Step
81
+
####Next Step
77
82
78
83
Configure and enable SAML in the Vendor Portal. For more information, see [Configure SAML](#configure-saml).
79
84
80
-
## Configure SAML
85
+
###Configure SAML
81
86
82
87
When you initially configure SAML, we do not recommend that you disable username/password access at the same time. It is possible, and recommended during testing, to support both SAML and non-SAML authentication on your account simultaneously.
83
88
84
-
**Prerequisite**
85
-
86
-
- Download your XML Metadata file and x.509 public certificate PEM file from your SAML provider. For more information on supported SAML providers and how to find these files, see [Supported SAML providers](#downloading-certificates-from-supported-saml-providers).
87
-
88
89
To configure SAML:
89
90
90
91
1. Log in to the Vendor Portal [Team Members page](https://vendor.replicated.com/team/members) as a user with Admin access.
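Review bot: `####Next Step` and `###Configure SAML` have no space between the `#` marks and the heading text, so CommonMark renders them as literal text rather than as headings; that also breaks the `[Configure SAML](#configure-saml)` link in this hunk, which relies on the heading's generated anchor. Write them as `#### Next Step` and `### Configure SAML`.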
@@ -100,11 +101,11 @@ To configure SAML:
100
101
101
102
1. Click **Upload Metadata & Cert**.
102
103
103
-
### Next Step
104
+
####Next Step
104
105
105
106
At this point, SAML is configured, but not enabled. The next step is to enable SAML enforcement options. For more information, see [Enable SAML Enforcement](#enable-saml-enforcement).
106
107
107
-
## Enable SAML Enforcement
108
+
###Enable SAML Enforcement
108
109
109
110
After you have uploaded the metadata and x.509 public certificate PEM file, you must enable SAML enforcement options. Replicated provides options that can be enabled or disabled at any time. You can also change the IDP metadata if needed.
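Review bot: the same missing space appears in `####Next Step` and `###Enable SAML Enforcement`; the `[Enable SAML Enforcement](#enable-saml-enforcement)` link in this hunk only resolves if the heading renders, so use `#### Next Step` and `### Enable SAML Enforcement`.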