Cloud Connected

Thoughts and Ideas from the Gitana Development Team

Single Sign On (SSO)

Cloud CMS introduces a Single Sign-On service that makes it easy for users to connect using their existing business accounts.

Cloud CMS supports two Enterprise SSO features: SAML 2.0 and JWT. These are two popular SSO mechanisms that work with many commercial and open-source identity providers, including Microsoft Active Directory Federation Services (ADFS) and JBoss Keycloak.

Using SAML 2.0 and JWT, Cloud CMS can be easily integrated with your corporate security infrastructure. Users who log in using either SAML or JWT will have their accounts automatically created and synchronized within Cloud CMS. Cloud CMS does not store any password information, since the username/password sign-on happens elsewhere. Both the custom user properties and the groups from either the JWT payloads or SAML assertions can be mapped into Cloud CMS, so that this information stays synchronized.

Try this feature out yourself using SAML 2.0:

  1. Log into Cloud CMS as a user who has Manager rights over the platform. Usually this is the administrator of the platform or someone on the DevOps/IT side.
  2. On the left side, select Platform Settings.
  3. On the sub-menu, select SSO.

To enable SSO using SAML, select “SAML 2.0” from the selection list. The next step is to configure the settings, such as the URL of the Identity Provider you want to redirect to and the field mappings, which let you synchronize user properties from the identity provider into Cloud CMS.

SAML 2.0 merely describes the redirection of the browser to the identity provider, the login, and the POST of the assertion back to Cloud CMS. Once Cloud CMS receives the assertion, it syncs the user and then authenticates as that user (through its own means).

Try this feature out yourself using JWT:

  • Go to Platform Settings > SSO.
  • Select JWT from the list as below.

The configuration screens look like:

image

image

Once JWT is configured, requests coming into Cloud CMS are expected to carry a header or a cookie that contains a JWT. This token is used to identify the user and to map the user's properties into Cloud CMS so that they stay synchronized.

Provide the necessary information as above. You can also provide field mappings to synchronize JWT profile fields into Cloud CMS user properties. On the next login, the system checks whether the JWT is found and is valid. It can also redirect to a remote login. Visit the documentation for more information.
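
The header-or-cookie lookup, validity check and field mapping described above, as an added example (not Cloud CMS code). The HS256 shared secret, the header and cookie names and the mapping keys are assumptions for illustration, and `make_token` only builds constructed sample tokens.

```python
import base64, hashlib, hmac, json, time

# Assumed settings (hypothetical; not Cloud CMS's actual configuration keys)
SECRET = b"constructed-demo-secret"
HEADER_NAME, COOKIE_NAME = "Authorization", "SSO_JWT"
FIELD_MAPPINGS = {"given_name": "firstName", "family_name": "lastName", "email": "email"}

def _b64d(seg):
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))
def _b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_token(claims, secret=SECRET, alg="HS256"):
    """Build a constructed sample token (stands in for the identity provider)."""
    head = _b64e(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = _b64e(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64e(sig)}"

def find_token(headers, cookies):
    """Look for the token in the header first, then in the cookie."""
    value = headers.get(HEADER_NAME, "")
    if value.startswith("Bearer "):
        return value[len("Bearer "):]
    return cookies.get(COOKIE_NAME)

def verify(token, now=None):
    """Return the claims if the token is valid, otherwise None."""
    try:
        head, body, sig = token.split(".")
        # Pin the algorithm: never trust the token's own "alg" (rejects "none")
        if json.loads(_b64d(head)).get("alg") != "HS256":
            return None
        expected = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64d(sig)):
            return None
        claims = json.loads(_b64d(body))
        # A missing "exp" is treated as already expired
        return claims if claims.get("exp", 0) > (time.time() if now is None else now) else None
    except (ValueError, AttributeError, TypeError):
        return None

def sync_user(headers, cookies, now=None):
    """Map verified claims to user properties and groups; None means redirect to login."""
    token = find_token(headers, cookies)
    claims = verify(token, now) if token else None
    if claims is None or "sub" not in claims:
        return None
    user = {"name": claims["sub"], "groups": list(claims.get("groups", []))}
    user.update({dst: claims[src] for src, dst in FIELD_MAPPINGS.items() if src in claims})
    return user
```

The signature and expiry are checked before any claim is mapped, so properties and groups are only synchronized from a token the configured secret vouches for.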

Any questions?

I hope this article encourages you to further explore the many features of Cloud CMS. If you have a question, cannot find a feature you are looking for, or have a suggestion, please Contact Us.