Account security

Multi-factor authentication to the Cloudimage Console

Last updated 1 year ago

Was this helpful?

Account security

Multi-factor authentication to the Cloudimage Console

Single Sign-On

The access to the Cloudimage administration Console supports SSO over SAMLv2. Cloudimage officially supports several Identity Providers (IDPs) and can integrate with any IDP that speaks SAML 2.0. You can integrate Cloudimage as a Service Provider (SP) with your IDP to allow your Cloudimage administrators to log in to the Console with a federated account and enjoy SSO.

Please note that SSO is only available for accounts with company email domains on ENTERPRISE plans. Gmail.com, yahoo.com, aol.com, etc. are not supported for SSO.

Configure

Step 1. Collect the Cloudimage Service Provider details

Copy the ACS URL / Consumer URL and Entity ID / Audience ID or download the Service Provider XML from the link provided. These values are needed for configuring Cloudimage as a Service Provider or Relying Party Trust (ADFS) in your IDP.
Within your Identity Provider, add a Service Provider (generic term, Ping Federate), Application (OKTA), or Relying Party Trust (ADFS) using the information gathered in the previous step.
Make sure the IDP is returning the user's email address as NameID in the SAML assertion with the format emailAddress (see note below for ADFS).
Go back to the Cloudimage Console to finish the configuration.

ADFS as IDP

If you are using ADFS as IDP, you will need to configure the following two Issuance Transform Rules for the Relying Party Trust:

Step 2. Configure the Identity Provider details in the Cloudimage Console

Fill in the Identity Provider section:

Entity ID: the entity ID from your IDP as per the IDP's metadata.xml.
SSO Target URL: IDP single sign-on URL.
SAML Single Logout Service URL: IDP single sign-out URL (usually the same as SSO Target URL).
Signing Certificate: IDP's signing certificate is log inas per the IDP's metadata.xml. This certificate is used by Cloudimage to verify the SAML assertion's signature returned by the IDP.

Step 3. Test Single Sign-On

Using your Cloudimage admin account's email from your company, try to log in.

Enjoy SSO and additional security!

PreviousURL sealing NextOrigin security

Last updated 1 year ago

Was this helpful?

Single Sign-On

Please note that SSO is only available for accounts with company email domains on ENTERPRISE plans. Gmail.com, yahoo.com, aol.com, etc. are not supported for SSO.

Configure

Step 1. Collect the Cloudimage Service Provider details

Copy the ACS URL / Consumer URL and Entity ID / Audience ID or download the Service Provider XML from the link provided. These values are needed for configuring Cloudimage as a Service Provider or Relying Party Trust (ADFS) in your IDP.
Within your Identity Provider, add a Service Provider (generic term, Ping Federate), Application (OKTA), or Relying Party Trust (ADFS) using the information gathered in the previous step.
Make sure the IDP is returning the user's email address as NameID in the SAML assertion with the format emailAddress (see note below for ADFS).
Go back to the Cloudimage Console to finish the configuration.

ADFS as IDP

If you are using ADFS as IDP, you will need to configure the following two Issuance Transform Rules for the Relying Party Trust:

Step 2. Configure the Identity Provider details in the Cloudimage Console

Fill in the Identity Provider section:

Entity ID: the entity ID from your IDP as per the IDP's metadata.xml.
SSO Target URL: IDP single sign-on URL.
SAML Single Logout Service URL: IDP single sign-out URL (usually the same as SSO Target URL).
Signing Certificate: IDP's signing certificate is log inas per the IDP's metadata.xml. This certificate is used by Cloudimage to verify the SAML assertion's signature returned by the IDP.

Step 3. Test Single Sign-On

Using your Cloudimage admin account's email from your company, try to log in.

Enjoy SSO and additional security!