
Cloud Conformity ADFS integration guide

Here are the steps to enable SAML SSO using ADFS for Cloud Conformity.

ADFS SAML SSO Integration Set-up

Contact your account manager and SSO@cloudconformity.com for help on how to get started.

Integration Steps

01 To define Cloud Conformity as a service provider in your identity provider, do one of the following:

A: Import the Cloud Conformity Service Provider metadata under Relying party trusts. The latest metadata is available at these URLs:

  • Oregon: https://us-west-2.cloudconformity.com/v1/sso/saml/metadata.xml
  • Sydney: https://ap-southeast-2.cloudconformity.com/v1/sso/saml/metadata.xml
  • Ireland: https://eu-west-1.cloudconformity.com/v1/sso/saml/metadata.xml

B: Define Cloud Conformity as a service provider manually:

  • Entity ID: https://www.cloudconformity.com
  • ACS: https://www.cloudconformity.com/v1/proxy/sso/saml/consume
  • ACS Method: HTTP POST
  • Set Signing and Encryption certificate using this X.509 certificate

02 Set Default Relay State: REGION_OF_SERVICE:YOUR_DOMAIN.com
(This is to enable IdP-initiated sign-on)

03 In the Claim Rules dialog, select Send LDAP Attributes as Claims and make sure the email address, given name and surname claims are enabled.

04 Configure Role mapping

Depending on how you manage your groups, send a group membership claim to map to a user role in Cloud Conformity. Users coming through ADFS can take any of the four supported roles in Cloud Conformity:

  • Admin: This role is the organisation administrator and has full access to everything in Cloud Conformity.
  • Power user: This role has full access to all accounts but no organisation-level access, e.g. cannot manage users or add accounts.
  • Read-only: Similar to power user but only with read-only access to all accounts.
  • Custom: Custom users have no access by default and can be granted fine-grained permissions after their first sign-on, by an organisation administrator.

05 Download and provide us with your identity provider metadata file. ADFS SAML 2.0 metadata should be accessible here: https://ADFS_DOMAIN/FederationMetadata/2007-06/FederationMetadata.xml

Once you have provided identity provider metadata, a member of our team will import it to Cloud Conformity as a trusted identity provider and can begin verifying the integration. Please contact your account manager and SSO@cloudconformity.com for additional help.
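
Steps 01 A and 03 can also be scripted and then checked against the values listed in step 01 B. The following is an added example, not Cloud Conformity's own code; it assumes AD FS 2016 or later, an elevated session on the primary AD FS server, and the built-in 'Permit everyone' access control policy, and the trust name is chosen for illustration.

```powershell
# Added example: the trust name and access control policy are assumptions.
Import-Module ADFS

# Metadata URL from step 01 A (Oregon); use the URL for your own region.
$metadataUrl = 'https://us-west-2.cloudconformity.com/v1/sso/saml/metadata.xml'
$trustName   = 'Cloud Conformity'

# Step 03 in claim rule language: email address, given name and surname
# read from Active Directory for the signed-in account.
$transformRules = @'
@RuleTemplate = "LdapClaims"
@RuleName = "Send LDAP Attributes as Claims"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory",
          types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
                   "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname",
                   "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"),
          query = ";mail,givenName,sn;{0}", param = c.Value);
'@

# Step 01 A: create the relying party trust from the published metadata.
# Replace 'Permit everyone' with the policy your organisation requires.
Add-AdfsRelyingPartyTrust -Name $trustName -MetadataUrl $metadataUrl `
    -IssuanceTransformRules $transformRules `
    -AccessControlPolicyName 'Permit everyone'

# Read back what was imported and compare it with the values in step 01 B.
$rp = Get-AdfsRelyingPartyTrust -Name $trustName
$rp | Format-List Name, Identifier, Enabled, MonitoringEnabled, AutoUpdateEnabled
$rp.SamlEndpoints | Format-Table Protocol, Binding, Location -AutoSize

# The assertion consumer endpoint should use HTTP POST over HTTPS.
$acs = $rp.SamlEndpoints | Where-Object { $_.Protocol -eq 'SAMLAssertionConsumer' }
foreach ($ep in $acs) {
    if ($ep.Binding -ne 'POST' -or ([uri]$ep.Location).Scheme -ne 'https') {
        Write-Warning "Unexpected ACS endpoint: $($ep.Binding) $($ep.Location)"
    }
}

# Signing and encryption certificates taken from the metadata; check the
# thumbprints and expiry dates before relying on the trust.
$rp.RequestSigningCertificate | Format-List Subject, Thumbprint, NotAfter
$rp.EncryptionCertificate     | Format-List Subject, Thumbprint, NotAfter
```

The role-mapping rule from step 04 is not included because the claim type and values Cloud Conformity expects are not given here.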
