To add an IdP to your Cloud Platform organization:
- Confirm that Federated Authentication is available to your Cloud Platform organization.
- Submit information from your IdP.
- Register your Cloud Platform organization with your IdP.
- Enable Federated Authentication.
- Implement the workaround for using Federated Authentication with Acquia CLI.
Part 1: Confirm that Federated Authentication is available to your Cloud Platform organization
- Confirm with your Account Manager that Acquia has enabled Federated Authentication for the Cloud Platform organization that you want to protect.
- Sign in to the Cloud Platform user interface with the user account that owns the organization or as a user with the Admin role for that organization.
- Select Manage.
- Select the organization you want to change.
- In the left navigation pane, select Security.
Verify that the Register an IDP option is visible. The system displays this option only if Federated Authentication is enabled for your account. If you do not see the Register an IDP option, contact your account manager.
Part 2: Submit information from your IdP
After you complete the earlier steps, click Register an Identity Provider and specify the following information:
- In Label, specify a human-readable name for the IdP configuration.
- In Entity ID, specify the entity ID that you obtain from your IdP.
- In SSO URL, specify the single sign-on URL that you obtain from your IdP. Every IdP structures its SSO URL differently. Ensure that this is the IdP endpoint for SP-initiated SSO, because Cloud Platform redirects users to it with an authentication request.
- In Public Certificate, paste the public certificate of your IdP in the PEM format.
- Select Submit.
Part 3: Register your Cloud Platform organization with your IdP
After you complete these steps, the Cloud Platform user interface displays a summary of the information that you must provide to your IdP: the entity ID of Cloud Platform and the ACS (Assertion Consumer Service) URL. Cloud Platform uses the information that you provided in Part 2 to generate an ACS URL that is specific to your IdP configuration; your IdP posts its SAML response to this URL.
- If you specified dummy values in Entity ID or SSO URL in Part 2, replace them with the values provided by your IdP. To update these values, select Edit.
- Ensure that your IdP is configured as follows:
- Both the SAML response from your IdP and the assertion within that response must be signed. If either signature is missing, validation fails. Your IdP must place a ds:Signature element as a child of saml:Assertion, in addition to the signature on the response itself.
- Ensure that your IdP sends the RelayState back to Cloud Platform unchanged.
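The following script is an added example, not code from Acquia's documentation or tooling. It turns the requirements of Parts 2 and 3 into pre-flight checks you can run against what your IdP actually produces: the PEM framing of the IdP certificate, that the samlp:Response and its saml:Assertion each carry a ds:Signature child, that the assertion's Issuer matches the entity ID you entered in Cloud Platform, and that the RelayState came back unchanged. The entity ID, the PEM body and the SAML response are constructed placeholders (the signatures are dummies and the PEM body is a bare DER SEQUENCE, not a real certificate).

```python
"""Pre-flight checks for a SAML IdP configuration (added example).

Checks structure only: PEM framing, signature placement, Issuer value
and RelayState echo. It does NOT verify the XML signatures
cryptographically; use a SAML library for that.
"""
import base64
import xml.etree.ElementTree as ET
from typing import Optional

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed placeholder (assumption): the entity ID entered in Cloud Platform.
IDP_ENTITY_ID = "https://idp.example.com/metadata"

# Constructed PEM: the body decodes to a tiny DER SEQUENCE, not a real certificate.
SAMPLE_PEM = "-----BEGIN CERTIFICATE-----\nMAMCAQE=\n-----END CERTIFICATE-----\n"


def check_pem_certificate(pem: str) -> list:
    """Return problems with the PEM framing of a certificate (empty list if OK)."""
    problems = []
    lines = [ln.strip() for ln in pem.strip().splitlines() if ln.strip()]
    if not lines or lines[0] != "-----BEGIN CERTIFICATE-----":
        problems.append("missing BEGIN CERTIFICATE header")
    if not lines or lines[-1] != "-----END CERTIFICATE-----":
        problems.append("missing END CERTIFICATE footer")
    try:
        der = base64.b64decode("".join(lines[1:-1]), validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        problems.append("certificate body is not valid base64")
        return problems
    # An X.509 certificate is an ASN.1 SEQUENCE; its DER tag byte is 0x30.
    if not der or der[0] != 0x30:
        problems.append("decoded body is not a DER SEQUENCE (not an X.509 certificate)")
    return problems


def sample_response(sign_response: bool = True, sign_assertion: bool = True) -> str:
    """Build a constructed minimal SAML Response; the signatures are placeholders."""
    sig = ('<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">'
           '<ds:SignatureValue>placeholder</ds:SignatureValue></ds:Signature>')
    return (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0">'
        f'<saml:Issuer>{IDP_ENTITY_ID}</saml:Issuer>'
        f'{sig if sign_response else ""}'
        '<saml:Assertion ID="_a1" Version="2.0">'
        f'<saml:Issuer>{IDP_ENTITY_ID}</saml:Issuer>'
        f'{sig if sign_assertion else ""}'
        '<saml:Subject><saml:NameID>user@example.com</saml:NameID></saml:Subject>'
        '</saml:Assertion></samlp:Response>'
    )


def check_saml_response(xml_text: str, expected_issuer: str,
                        sent_relay_state: str,
                        returned_relay_state: Optional[str]) -> list:
    """Return problems with the structure of an IdP response (empty list if OK)."""
    problems = []
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{NS['samlp']}}}Response":
        return [f"root element is {root.tag}, not samlp:Response"]
    # Signature on the response: must be a direct child of samlp:Response.
    if root.find("ds:Signature", NS) is None:
        problems.append("Response element is not signed")
    assertions = root.findall("saml:Assertion", NS)
    if not assertions:
        problems.append("no saml:Assertion child (missing or encrypted)")
    for assertion in assertions:
        # Signature on the assertion: must be a direct child of saml:Assertion.
        if assertion.find("ds:Signature", NS) is None:
            problems.append("assertion is not signed")
        issuer = assertion.findtext("saml:Issuer", namespaces=NS)
        if issuer != expected_issuer:
            problems.append(f"assertion Issuer {issuer!r} != configured entity ID")
    # The SP sent RelayState with the request; the IdP must echo it back unchanged.
    if returned_relay_state != sent_relay_state:
        problems.append("RelayState was not returned unchanged")
    return problems


if __name__ == "__main__":
    print("PEM:", check_pem_certificate(SAMPLE_PEM) or "OK")
    good = sample_response()
    print("good response:", check_saml_response(good, IDP_ENTITY_ID, "r1", "r1") or "OK")
    bad = sample_response(sign_assertion=False)
    print("unsigned assertion:", check_saml_response(bad, IDP_ENTITY_ID, "r1", None))
```

To use it against a real IdP, base64-decode the SAMLResponse form field your browser posts to the ACS URL and feed the XML to check_saml_response together with the RelayState you sent and the one that came back. A clean result here only means the response is shaped the way Cloud Platform expects; signature validity still has to be established by a proper SAML library with the IdP certificate you pasted in Part 2.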
Part 4: Enable Federated Authentication
After completing these steps, select Enable.
Cloud Platform displays a confirmation dialog box.
Select the confirmation checkbox and select Enable.
The Cloud Platform user interface displays a confirmation window indicating that your IdP is enabled.
After Federated Authentication is enabled, you and your users must authenticate with your external IdP when you access the Cloud Platform organization.