|
| 1 | +--- |
| 2 | +title: How to set up identity federation |
| 3 | +description: This page shows you how to set up identity federation on your Organization |
| 4 | +dates: |
| 5 | + validation: 2025-09-21 |
| 6 | + posted: 2025-08-21 |
| 7 | +--- |
| 8 | + |
| 9 | +You can set up Identity Federation at Scaleway to ensure your [members can log in via Single Sign-On (SSO)](). |
| 10 | + |
| 11 | +At Scaleway we use Security Assertion Markup Language (SAML) to provide Identity Federation. You can link user identities across multiple independent systems and organizations to enable SSO across domains. You can manage your Scaleway identities via your Identity Provider of choice, as long as the provider supports SAML. |
| 12 | + |
| 13 | +<Requirements /> |
| 14 | + |
| 15 | +- A Scaleway account logged into the [console](https://console.scaleway.com) |
| 16 | +- [Owner](/iam/concepts/#owner) status or [IAM permissions](/iam/concepts/#permission) allowing you to perform actions in the intended Organization |
| 17 | + |
| 18 | +## How to set up a SAML connection |
| 19 | + |
| 20 | +1. Go to your security settings. |
| 21 | +2. Scroll to the **Identity Federation** section. |
| 22 | +3. Click **Set up SSO**. A pop-up appears. |
| 23 | +4. Copy the URLs displayed in the pop-up. |
| 24 | + |
| 25 | + The information in the first step are the URLs referring to Scaleway that will be requested by your Identity Provider to create a link between platforms. They are: |
| 26 | + - The assertion consumer service (ACS) URL, and |
| 27 | + - Scaleway's entity ID |
| 28 | + |
| 29 | +5. Click **Next**. |
| 30 | +6. Enter the requested URLs in their respective boxes. |
| 31 | + |
| 32 | + This is the information referring to your Identity Provider that Scaleway needs to confirm the connection. They are: |
| 33 | + - The Single Sign-On URL, and |
| 34 | + - The Identity Provider's Entity ID |
| 35 | +7. Click **Confirm**. |
| 36 | +8. Enter the signing certificate generated by your Identity Provider in the box. |
| 37 | + <Message type="important"> |
| 38 | + You can close the Identity Provider pop-up without adding the certificate right away. The certificate can [be added at a later time](#how-to-add-a-certificate). However, while the certificate is not added, the connection between Scaleway and your Identity Provider will not be complete and the SSO feature will not work for your Organization members. |
| 39 | + </Message> |
| 40 | +9. Click **Complete setup**. |
| 41 | + |
| 42 | +## How to update the connection configuration |
| 43 | + |
| 44 | +If you change your Identity Provider, you will need to re-configure your SAML connection. |
| 45 | + |
| 46 | +1. Go to your security settings. |
| 47 | +2. Scroll to the **Identity Federation** section. |
| 48 | +3. Click **Edit configuration**. A pop-up appears. |
| 49 | +4. (Optional) Replace the Identity Provider's Single Sign-On URL and Entity ID with the information of your new one. |
| 50 | +5. Click **Confirm**. |
| 51 | + |
| 52 | +## How to add a certificate |
| 53 | + |
| 54 | +If you started the connection set up, but did not add a certificate right away, you can add it after. While the certificate is not added, the connection between Scaleway and your Identity Provider will not be complete and the SSO feature will not work for your Organization members. |
| 55 | + |
| 56 | +1. Go to your security settings. |
| 57 | +2. Scroll to the **Identity Federation** section. |
| 58 | +3. Click **+ Add certificate**. A pop-up appears. |
| 59 | +4. Enter the signing certificate generated by your Identity Provider in the box. |
| 60 | +5. Click **Confirm**. |
| 61 | + |
| 62 | +## How to renew a certificate |
| 63 | + |
| 64 | +You must regularly update your signing certificate in the frequency set by your Identity Provider. To renew a certificate: |
| 65 | + |
| 66 | +1. Go to your security settings. |
| 67 | +2. Scroll to the **Identity Federation** section. |
| 68 | +3. Click **Renew certificate**. A pop-up appears. |
| 69 | +4. Enter the signing certificate generated by your Identity Provider in the box. |
| 70 | +5. Click **Confirm**. |
| 71 | + |
| 72 | +## How to delete a connection |
| 73 | + |
| 74 | +1. Go to your security settings. |
| 75 | +2. Scroll to the **Identity Federation** section. |
| 76 | +3. Click **Delete SSO**. |
| 77 | + <Message type="important"> |
| 78 | + A pop-up appears to warn you that: |
| 79 | + - Deleting the connection will also delete your identity federation configuration and disable SAML-based SSO connections, preventing Members from logging in via this method. You can reconfigure identity federation at any time. |
| 80 | + </Message> |
| 81 | +4. Type **DELETE** in the box to confirm. |
| 82 | +5. Click **Delete**. |
0 commit comments