Single Sign-On

The Cloudimage administration Console supports SSO over SAMLv2. Cloudimage officially supports several Identity Providers (IDPs) and can integrate with any IDP that speaks SAML 2.0. You can integrate Cloudimage as a Service Provider (SP) with your IDP so that your Cloudimage administrators can log in to the Console with a federated account and enjoy SSO.

SSO is only available for accounts with company email domains on ENTERPRISE plans. Addresses on gmail.com, yahoo.com, aol.com, etc. are not supported for SSO.

Step 1: collect the Cloudimage Service Provider details

  1. Copy the ACS URL / Consumer URL and Entity ID / Audience ID or download the Service Provider XML from the link provided. These values are needed for configuring Cloudimage as a Service Provider or Relying Party Trust (ADFS) in your IDP.
  2. Within your Identity Provider, add a Service Provider (generic term, PingFederate), Application (Okta) or Relying Party Trust (ADFS) using the information gathered in the previous step.
  3. Make sure the IDP is returning the user's email address as NameID in the SAML assertion with format emailAddress (see note below for ADFS).
  4. Go back to the Cloudimage Console to finish the configuration.

ADFS as IDP

If you are using ADFS as IDP, you will need to configure the following two Issuance Transform Rules for the Relying Party Trust:

Step 2: configure the Identity Provider details in Cloudimage Console

Fill in the Identity Provider section:

  • Entity ID: the entity ID from your IDP as per the IDP's metadata.xml.
  • SSO Target URL: IDP single sign-on URL.
  • SAML Single Logout Service URL: IDP single sign-out URL (usually the same as SSO Target URL).
  • Signing Certificate: IDP's signing certificate as per the IDP's metadata.xml. This certificate is used by Cloudimage to verify the SAML assertion's signature returned by the IDP.

Step 3: test Single Sign-On

Using your Cloudimage admin account's email from your company, try to log in.

Enjoy SSO and additional security!