---
title: "Setting up Federated Authentication"
date: "2024-02-14T06:18:38+00:00"
summary: "Streamline user authentication with our guide to setting up Federated Authentication in Acquia Cloud Platform. Learn how to integrate your Identity Provider, configure SAML, and enable secure single sign-on for your organization."
image:
type: "page"
url: "/acquia-cloud-platform/setting-federated-authentication"
id: "c5338561-ca07-4f9d-a189-a7fbb138db67"
---

To add an IdP to your Cloud Platform [organization](/acquia-cloud-platform/access/teams/organizations):

1.  [Confirm that Federated Authentication is available to your Cloud Platform organization](#confirm-fed-auth).
2.  [Submit information from your IdP](#enter-idp-information).
3.  [Register your Cloud Platform organization with your IdP](#register-cp-idp).
4.  [Enable Federated Authentication](#enable-federated-authentication).
5.  [Implement the workaround](/acquia-cloud-platform/add-ons/acquia-cli/known-issues#federated-authentication-does-not-work) for using Federated Authentication with Acquia CLI.

Note

*   The setup process requires you to register the Cloud Platform organization with your IdP.
*   The Cloud Platform’s SAML integration may be different from others that you have managed because it is an SP-initiated flow. For more information on the SP-initiated flow, see [How does Federated Authentication work?](/acquia-cloud-platform/access/federated-authentication#sp-initiated-flow).
*   The labels that Acquia uses for SAML concepts, as outlined in the following instructions, may be different from the labels that your IdP uses for the same concepts. Every IdP labels items differently.

Part 1: Confirm that Federated Authentication is available to your Cloud Platform organization
----------------------------------------------------------------------------------------------

1.  Confirm with your Account Manager that Acquia has enabled Federated Authentication for the Cloud Platform organization that you want to protect.
2.  [Sign in to the Cloud Platform user interface](/node/55875) with the user account that owns the organization or as a user with the _Admin_ [role](/acquia-cloud-platform/access/teams/roles) for that organization.
3.  Select **Manage**.
4.  Select the organization you want to change.
5.  In the left navigation pane, select **Security**.
6.  Verify that you can see the **Register an IDP** option. The system displays this option only if Federated Authentication is enabled for your account. If you do not see the **Register an IDP** option, contact your account manager.
    
    ![cloud-platform_registering-an-idp.png](https://acquia.widen.net/content/hmutr9a9jf/web/cloud-platform_registering-an-idp.png?v=2bb1a09e-728f-4601-959b-e4db4ea11482)
    

Note

For IdP-specific instructions, see:

*   [Okta](/acquia-cloud-platform/help/94586-integrating-federated-authentication-okta "Integrating Federated Authentication with Okta")
*   [Ping One](/acquia-cloud-platform/help/93266-integrating-federated-authentication-ping-one "Integrating Federated Authentication with Ping One")
*   [Microsoft Azure Active Directory](/acquia-cloud-platform/help/94056-integrating-federated-authentication-azure-active-directory "Integrating Federated Authentication with Azure Active Directory")

Part 2: Submit information from your IdP
----------------------------------------

1.  After you complete the [earlier](#confirm-fed-auth) steps, click **Register an Identity Provider** and specify the following information:
    
    ![cloud-platform_configuring-idp.png](https://acquia.widen.net/content/ojpwgdmurp/web/cloud-platform_configuring-idp.png?v=0a1170d0-e612-4606-907c-84f350c1963f)
    
2.  In **Label**, specify a human-readable name for the IdP configuration.
3.  In **Entity ID**, specify the entity ID that you obtain from your IdP.
    
    Note
    
    If you integrate multiple Cloud Platform organizations with your IdP, you must have a unique entity ID for each organization. Therefore, you might need to set up a new application within your IdP where each application has a unique entity ID.
    
4.  In **SSO URL**, specify the URL that you obtain from your IdP. Every IdP structures its SSO URL differently. Ensure that this URL uses the SP-initiated SSO method.
5.  In **Public Certificate**, paste the public certificate of your IdP in the PEM format.
6.  Select **Submit**.

Note

Some IdPs require an ACS link before they provide the entity ID or SSO URL, but Cloud Platform generates the ACS link only after all the listed values are specified. To work around this, enter dummy values for the information that your IdP has not yet provided. Cloud Platform generates the ACS link despite the dummy values. Before enabling Federated Authentication, replace the dummy values with the correct values once they are available.

Part 3: Register your Cloud Platform organization with your IdP
---------------------------------------------------------------

After you complete [these](#enter-idp-information) steps, the Cloud Platform user interface displays a summary of the information that you must provide to your IdP. Do not forget to update any dummy values you provided while specifying IdP details in Cloud Platform. To update these values, select **Edit**.

1.  To register with your IdP, provide the entity ID of Cloud Platform and your IdP’s ACS link.
    
    Cloud Platform uses the information provided in [Part 2](#enter-idp-information) to generate an ACS link specific to your IdP.
    
    ![cloud-platform_registering-idp-with-your-organization.png](https://acquia.widen.net/content/ed1yzbz54b/web/cloud-platform_registering-idp-with-your-organization.png?v=80fd3cef-e215-42cd-9384-f436233a8ab9)
    
2.  If you specified dummy values in **Entity ID** or **SSO URL** in the previous section, update these fields with the values provided by the IdP.
3.  Ensure that your IdP is configured with the following:
    *   Both the response from your IdP and the assertion within the response must be signed. If either is unsigned, validation fails. The assertion must contain a `<ds:Signature …>` element as a child of the `<saml:Assertion …>` element.
    *   Ensure that your IdP sends the RelayState to Cloud Platform.
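
Before you enable the IdP, you can check a test sign-in against the two requirements above. The following is an added example, not Acquia code: it inspects the form-encoded POST body that your IdP sends to the ACS link (captured with your browser's developer tools) and reports a missing RelayState or a missing signature on the response or assertion. It checks structure only and does not verify the signatures cryptographically; the function names and the sample message are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def signed_in_place(elem):
    """True if elem has a direct-child ds:Signature that references elem's own ID."""
    sig = elem.find("ds:Signature", NS)
    ref = sig.find("ds:SignedInfo/ds:Reference", NS) if sig is not None else None
    eid = elem.get("ID")
    return bool(eid) and ref is not None and ref.get("URI") == "#" + eid

def check_acs_post(body):
    """Return the problems found in a form-encoded POST body sent to the ACS link."""
    form = parse_qs(body)
    problems = []
    if not form.get("RelayState"):
        problems.append("RelayState missing")
    if not form.get("SAMLResponse"):
        return problems + ["SAMLResponse missing"]
    xml = base64.b64decode(form["SAMLResponse"][0])
    if b"<!DOCTYPE" in xml:  # SAML messages do not need a DTD; skip parsing
        return problems + ["DOCTYPE present, not parsed"]
    root = ET.fromstring(xml)
    if not signed_in_place(root):
        problems.append("Response not signed")
    assertions = root.findall("saml:Assertion", NS)
    if not assertions:
        problems.append("no saml:Assertion child found")
    for a in assertions:
        if not signed_in_place(a):
            problems.append("Assertion %s not signed" % a.get("ID"))
    return problems

def constructed_post(sign_assertion, relay_state="constructed-state"):
    """Build a constructed sample POST body; the signatures are empty placeholders."""
    sig = '<ds:Signature><ds:SignedInfo><ds:Reference URI="#%s"/></ds:SignedInfo></ds:Signature>'
    xml = ('<samlp:Response xmlns:samlp="%s" xmlns:saml="%s" xmlns:ds="%s" ID="_r1">%s'
           '<saml:Assertion ID="_a1">%s</saml:Assertion></samlp:Response>') % (
               NS["samlp"], NS["saml"], NS["ds"], sig % "_r1",
               sig % "_a1" if sign_assertion else "")
    fields = {"SAMLResponse": base64.b64encode(xml.encode()).decode()}
    if relay_state:
        fields["RelayState"] = relay_state
    return urlencode(fields)

if __name__ == "__main__":
    print(check_acs_post(constructed_post(True)))
    print(check_acs_post(constructed_post(False, relay_state="")))
```

An empty list means both signatures and the RelayState are present; any entry in the list points to an IdP setting to correct before you select **Enable**.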

Important

Do not enable the external IdP in Cloud Platform until you register your Cloud Platform organization with your IdP and update any dummy values used in [this](#enter-idp-information) section. If the configuration is incorrect, you and all members of your organization may be locked out of the Cloud Platform user interface. If you are locked out, [create a Support ticket](/service-offerings/support#contact-acquia-support).

Part 4: Enable Federated Authentication
---------------------------------------

1.  After completing [these](#register-cp-idp) steps, select **Enable**.
    
    Cloud Platform displays a confirmation dialog box.
    
2.  Select the confirmation checkbox and select **Enable**.
    
    The Cloud Platform user interface displays a confirmation window indicating that your IdP is enabled.
    
    ![cloud-platform_idp-is-enabled.png](https://acquia.widen.net/content/mkevg3qxhw/web/cloud-platform_idp-is-enabled.png?w=480&v=2e03ab9f-84e1-4442-89c9-5565755d4017&itok=29GG0Rnm)
    
    After Federated Authentication is enabled, you and your users must authenticate with your external IdP when you access the Cloud Platform organization.