Many organizations today leverage single sign-on (SSO) to enhance security, ensure compliance, streamline access management, and elevate user experience. For some, it is essential that all corporate applications, including disaster recovery (DR) solutions, utilize SSO for authentication purposes.
Integrating CloudEndure Disaster Recovery, provided by AWS, with your identity provider's (IdP) SSO using the SAML 2.0 protocol meets this need. The integration lets organizations that mandate SSO protect their resources and workloads while giving users secure, fast access to their DR solution. Step-by-step instructions for configuring SSO with Microsoft Active Directory Federation Services (ADFS) are available in the CloudEndure documentation.
CloudEndure Disaster Recovery transitions your DR strategy to AWS Cloud, moving away from physical or virtual data centers, private clouds, or other public clouds. This blog post will outline the steps to set up SSO SAML authentication for CloudEndure Disaster Recovery using Okta as the IdP. The steps include:
- Creating the CloudEndure application in Okta.
- Configuring the SAML integration for the CloudEndure application in Okta.
- Generating the IdP certificate.
- Setting up CloudEndure to use SAML.
- Adding users to Okta and CloudEndure for access.
Configuring Okta
To begin, log into your Okta account. If you do not have one, you can easily create a 30-day trial account. After completing the registration process, access the admin console by clicking the Admin button in the top right corner. If multi-factor authentication (MFA) is set up, you will be prompted to enter your MFA token.
Once in the admin console, navigate to the Applications menu and choose Applications.
Select Add Application.
Next, click on Create New App.
Choose Web as the Platform and select SAML 2.0 as the Sign-On method, then click Create.
For General Settings, input a name for the application, keeping other defaults intact, and click Next.
Note: For instance, I named the application “CloudEndure.” If you have multiple CloudEndure accounts—one for DR and another for migration—you may want to name them distinctly for user clarity.
In the Configure SAML section, provide the following details, then select Next when finished:
- Single Sign-On URL:
https://console.cloudendure.com/api/v5/assertionConsumerService
- Audience URL (SP Entity ID):
https://console.cloudendure.com
- Default RelayState:
https://console.cloudendure.com/#/signIn;<CE account UUID>
- Name ID format:
EmailAddress
- Application Username:
None
- Update application username on:
Create and update
The following attributes are optional:
- Name:
username
- Value:
email
Note: Additional information regarding obtaining your universally unique identifier (UUID) can be found in the section below.
Complete Okta support feedback, and select Finish.
You should now see the Sign-On Methods. Click on View Setup Instructions to access the Identity Provider Single Sign-On URL, Identity Provider Issuer, and X.509 Certificate. Make sure to copy these details for the next section on configuring CloudEndure Disaster Recovery.
Obtaining Your Account Universally Unique Identifier (UUID)
Compose the RelayState URL in a local text editor such as Notepad++, then copy the finished string into the Okta settings; this avoids the special-character problems that can arise when the account UUID is pasted directly. If the string is not encoded correctly, sign-in fails with an “error occurred during sign in” message and an HTTP 500 response.
To find your CloudEndure Account UUID, access Developer Tools in your browser. For Chrome:
- Click on the Google Chrome menu (three vertical dots on the right), then select More Tools.
- Choose Developer Tools and navigate to the Network tab.
- Log into your account and check Extended Account Info.
- Look for the parameter labeled “account” to find your Account UUID.
Configuring CloudEndure Disaster Recovery
Open a new tab or window in your browser and log into your CloudEndure account with an admin user.
On the top right, click the User Settings icon and select Configure SAML. Use the details obtained from configuring Okta. Enter the Identity Provider Issuer as the Identity Provider ID, the Identity Provider Single Sign-On URL as the Identity Provider URL, and the X.509 Certificate as the Identity Provider Certificate. After completing this, click Save Configuration.
Important: As noted in the following screenshot, it is wise to bookmark and save “this link” to regain access to your CloudEndure account in case of SAML configuration errors.
Note: When inputting the Identity Provider Certificate, download the X.509 Certificate or copy it to a text editor first, removing any new line characters—everything should be one continuous line before pasting it into the CloudEndure console.
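The following Python script is an added example, not part of the original post and not CloudEndure's or Okta's own tooling. It pre-checks the values before they are pasted anywhere: it validates the account UUID and assembles the Default RelayState from it, strips the PEM armor and line breaks from a downloaded X.509 certificate so that it becomes the single continuous line the CloudEndure console expects, and compares the Okta Configure SAML fields against the values given above. It assumes the account UUID is a standard RFC 4122 string; the sample UUID and the tiny DER blob wrapped in PEM armor are constructed placeholders, not real values.

```python
"""Pre-flight checks for the values pasted into Okta's Configure SAML form and
the CloudEndure Configure SAML dialog. Added example; not CloudEndure's or
Okta's own code."""
import base64
import re
import uuid

# Values quoted in the Okta "Configure SAML" section of this post.
ACS_URL = "https://console.cloudendure.com/api/v5/assertionConsumerService"
AUDIENCE_URL = "https://console.cloudendure.com"
RELAY_STATE_PREFIX = "https://console.cloudendure.com/#/signIn;"


def build_relay_state(account_uuid: str) -> str:
    """Assemble the Default RelayState from a CloudEndure account UUID.

    Assumption: the account UUID is an RFC 4122 string. Leading/trailing
    whitespace is dropped; embedded whitespace or non-ASCII characters (the
    usual result of a sloppy paste) are rejected rather than passed on,
    because Okta would forward them verbatim in the SAML RelayState.
    """
    cleaned = account_uuid.strip()
    if not cleaned.isascii() or any(ch.isspace() for ch in cleaned):
        raise ValueError("account UUID contains whitespace or non-ASCII characters")
    uuid.UUID(cleaned)  # raises ValueError if the string is not a well-formed UUID
    return RELAY_STATE_PREFIX + cleaned


def normalize_certificate(pem_text: str) -> str:
    """Turn a downloaded X.509 certificate into the single continuous base64
    line the CloudEndure console expects: drop the PEM armor lines and every
    line break, then confirm the remainder is valid base64 that decodes to a
    DER SEQUENCE (first byte 0x30), which every X.509 certificate starts with."""
    lines = [line.strip() for line in pem_text.splitlines()]
    body = "".join(line for line in lines if line and not line.startswith("-----"))
    if re.fullmatch(r"[A-Za-z0-9+/]+={0,2}", body) is None:
        raise ValueError("certificate body is not clean base64")
    der = base64.b64decode(body, validate=True)
    if not der or der[0] != 0x30:
        raise ValueError("decoded certificate does not start with a DER SEQUENCE")
    return body


def check_okta_settings(settings: dict) -> list:
    """Compare the Configure SAML fields (keyed by their form labels) with the
    values this post specifies and return a list of mismatches; an empty list
    means the form matches."""
    expected = {
        "Single Sign-On URL": ACS_URL,
        "Audience URL (SP Entity ID)": AUDIENCE_URL,
        "Name ID format": "EmailAddress",
    }
    problems = []
    for label, want in expected.items():
        got = settings.get(label, "").strip()
        if got != want:
            problems.append(f"{label}: expected {want!r}, got {got!r}")
    relay = settings.get("Default RelayState", "").strip()
    if not relay.startswith(RELAY_STATE_PREFIX):
        problems.append("Default RelayState: must start with " + RELAY_STATE_PREFIX)
    return problems


# Constructed placeholders for running the checks offline: not a real account
# UUID, and a 5-byte DER SEQUENCE rather than a real certificate.
SAMPLE_UUID = "123e4567-e89b-12d3-a456-426614174000"
SAMPLE_PEM = (
    "-----BEGIN CERTIFICATE-----\n"
    "MAMC\n"
    "AQE=\n"
    "-----END CERTIFICATE-----\n"
)

if __name__ == "__main__":
    relay_state = build_relay_state(SAMPLE_UUID)
    print("RelayState:", relay_state)
    print("Certificate:", normalize_certificate(SAMPLE_PEM))
    print("Mismatches:", check_okta_settings({
        "Single Sign-On URL": ACS_URL,
        "Audience URL (SP Entity ID)": AUDIENCE_URL,
        "Name ID format": "EmailAddress",
        "Default RelayState": relay_state,
    }))
```

Run it once with your real account UUID and the certificate file downloaded from Okta's setup instructions; the script refuses a UUID that picked up stray characters and a certificate that did not survive the copy intact, which are the two pasting mistakes that otherwise surface only as a failed sign-in.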
Log out of the CloudEndure console and return to the Okta dashboard. Click on Directory and then People.
Select your username and choose Assign Applications.
Assign the username <Enter email-id used for CloudEndure login> and click Save.
For SSO to function, the email used to log into Okta must correspond to a valid CloudEndure user. For instance, if you create the Okta account using user+test1@mycompany.com while the CloudEndure username is user@mycompany.com, an error may occur. In such cases, go to the Admin console in Okta > Directory > People > Add people. Make sure to create a user with an email address that matches the CloudEndure username. After that, log out and log back into Okta as the new user.
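The following Python script is an added example, not part of the original post and not Okta's or CloudEndure's own code. It audits the Okta emails assigned to the CloudEndure application against the list of CloudEndure usernames and classifies each one, so that the plus-addressing mismatch described above (user+test1@mycompany.com versus user@mycompany.com) is reported by name instead of surfacing as a failed sign-in. Because the Name ID format configured in Okta is EmailAddress, the assertion carries the Okta email verbatim; whether CloudEndure treats a difference in letter case as a mismatch is not stated in this post, so the script reports case-only differences separately rather than assuming either way. The account lists are constructed sample data.

```python
"""Audit which Okta logins assigned to the CloudEndure app correspond to a
CloudEndure user. Added example; not Okta's or CloudEndure's own code."""


def strip_plus_tag(address: str) -> str:
    """Drop a '+tag' sub-address (user+test1@x -> user@x) so that a mismatch
    caused by plus-addressing can be reported by name."""
    local, at, domain = address.partition("@")
    return local.split("+", 1)[0] + at + domain


def audit_assignments(okta_emails, cloudendure_usernames):
    """Map each Okta email assigned to the app to one of four statuses:
      'ok'           exact match with a CloudEndure username
      'case-differs' matches a CloudEndure username except for letter case
                     (worth checking; this post does not say how CloudEndure
                     compares case, so it is not assumed to be fine)
      'plus-tag'     differs from a CloudEndure username only by a +tag
      'no-ce-user'   no CloudEndure username corresponds to it
    Only 'ok' entries are known to sign in, since the SAML Name ID is the
    Okta email exactly as stored."""
    ce_exact = {u.strip() for u in cloudendure_usernames}
    ce_folded = {u.lower() for u in ce_exact}
    ce_bases = {strip_plus_tag(u) for u in ce_folded}
    report = {}
    for raw in okta_emails:
        email = raw.strip()
        if email in ce_exact:
            report[email] = "ok"
        elif email.lower() in ce_folded:
            report[email] = "case-differs"
        elif strip_plus_tag(email.lower()) in ce_bases:
            report[email] = "plus-tag"
        else:
            report[email] = "no-ce-user"
    return report


# Constructed sample data (not real accounts).
OKTA_ASSIGNED = [
    "user@mycompany.com",
    "user+test1@mycompany.com",
    "Admin@MyCompany.com",
    "ops@mycompany.com",
]
CLOUDENDURE_USERS = ["user@mycompany.com", "admin@mycompany.com"]

if __name__ == "__main__":
    for email, status in audit_assignments(OKTA_ASSIGNED, CLOUDENDURE_USERS).items():
        print(f"{email}: {status}")
```

Feed it the People list from Okta and the user list from the CloudEndure console; every entry that is not 'ok' needs either a matching Okta user created as described above or a corresponding CloudEndure user.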
In Okta, navigate to My Apps on the right side, which will take you to a homepage featuring a button labeled CloudEndure. Selecting this button should log you into your CloudEndure account.
Congratulations! You’ve successfully set up SAML-based SSO using Okta for CloudEndure Disaster Recovery.