Use the following checklist to configure single sign-on (SSO) for your Customer Data Platform (CDP) tenant:
| S. No. | Task |
|---|---|
| 1 | Submit a Support ticket |
| 2 | Configure SAML metadata in IdP |
| 3 | Share the metadata.xml file with Acquia Support |
| 4 | Test the SSO |
| 5 | Add users to CDP |
Submit a Support ticket as an administrator with access to Acquia Support.
After receiving the ticket, Acquia provides the following details for your pre-production tenant:
If you do not have access to the pre-production tenant, mention this in your request. If you are not a security gatekeeper for your tenant, a gatekeeper must approve the access request.
Use the information provided by Acquia Support to configure your IdP for SSO with CDP.
- SAML Assertion Consumer Service (ACS): for example, `https://cs-auth.agilone.com/sso/tenantId/vega/saml`.
- Service Provider EntityId: for example, `https://cs-vega-green.agilone.com/tenantId`.
Share the generated metadata.xml with Acquia Support through the Support ticket. The file must include the following:
Acquia Support configures your tenant using the metadata.xml file. When you send the metadata.xml file, provide the names and emails of three user accounts for testing your SSO setup.
After Acquia Support sets up SSO for your tenant, test it with the three accounts you provided in the previous step. Each tester can test one scenario. Acquia sets the appropriate access in the staging environment and asks you to set the testers up in your IdP. The testers can test positive and negative access. The following are the scenarios:
| User | Has Acquia CDP account | Has IdP permission on your end | Expected successful outcome |
|---|---|---|---|
| User A | Yes | No | User cannot access CDP |
| User B | Yes | Yes | User can access CDP |
| User C | No | Yes | User cannot access CDP |
Administrators must create new user profiles in CDP for any new users before they can log in using the IdP.
Once you test the SSO configuration in pre-production, create user profiles in the production tenant with the appropriate roles for each user.
Customers with a single CDP tenant in the production environment must visit the User Permissions page.
Customers with multiple CDP tenants on production servers, including UAT tenants, must complete the access requests through Acquia Support. For more information, visit the User management page.
After confirming access with the test cases, respond on the same support ticket to request the TenantId, Assertion Consumer Service (ACS), and Service Provider (SP) EntityId for your production tenant. Then, repeat steps 2 through 5.
If this content did not answer your questions, try searching or contacting our support team for further assistance.