This comprehensive guide teaches you how to set up SAML authentication for your visitors using Google, which will enhance the security of your network.
Use case
The following sections provide step-by-step instructions for setting up SAML authentication for your visitors with Cloudi-Fi and Google.
Prerequisites
Captive portal
Before configuring, please ensure your captive portal can support SAML authentication. If the "Corporate Access" section is unavailable in your existing captive portal, please contact your Support team to update your captive portal (see How to contact your support?).
Walled Garden
Be sure to add the Google domains listed in Set up a Walled Garden for your captive portal.
Warning: for Zscaler, do not add the * as it does not recognize this character.
SAML URLs
- Log into the Cloudi-Fi Admin User Interface.
- Navigate through the menu to locate the "Configuration" option.
- Find and select "Auth modes" within the Configuration settings to explore authentication options.
- Choose SAML for Setup and gather the Required Details:
Linkback URL
https://login.cloudi-fi.net/auth/module.php/saml/sp/saml2-acs.php/saml/************
- ***** is your Cloudi-Fi public key (go to your Cloudi-Fi Admin interface > Settings > Company Account).
Cloudi-Fi Entity ID
https://login.cloudi-fi.net/
1. Create a Google Web App
- Initiating Google Web App Integration:
  - Navigate to Apps > Web and mobile apps in your platform's interface.
  - Select the option to add a new custom SAML app.
  - Fill in the essential details of your web app:
    - App Name: Choose a distinctive name that resonates with your web app's functionality.
    - Description: A concise overview of your web app's purpose or functionality.
    - App Logo: Upload a logo to visually represent your web app.
- Copy Required Information:
  - SSO URL: For Single Sign-On functionality.
  - URL ID: Unique identifier for your app.
  - Certificate: Security certificate for the SAML integration.
  Alternatively, download the metadata file containing all the necessary SAML details.
- Configuring SAML Settings For Cloudi-Fi:
  - Set the Cloudi-Fi ACS URL as the linkback URL and the Entity ID as the Cloudi-Fi Entity ID.
  - Enable "Signed response".
  - Specify the NameID format as the email address and select the primary email as the name ID.
- Adding Attribute Mappings:
  - Map the Google directory attribute "Primary email" to the app attribute "email".
  - Map the Google directory attribute "Last name" to the app attribute "lastname".
Complete the setup process.
2. Cloudi-Fi configuration
- Access the Cloudi-Fi Admin User Interface (UI).
- Navigate through Configuration > Auth modes > SAML.
- Enter the necessary SAML details acquired from Google:
  - IdP EntityId: SSO URL.
  - Binding Method: POST.
  - IdP Endpoint: Entity ID.
  - Logout Binding Method: POST.
  - IdP Signing Certificate: Enter the X.509 Certificate details, excluding "Begin Certificate" and "End Certificate" markers.
  - Email attribute name: Set as "email".
Finally, click Save.
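Step 1 notes that the metadata file contains all the SAML details, and the certificate field must be entered without its markers. The Python sketch below is an added example, not Cloudi-Fi or Google code: it reads a metadata document, selects the HTTP-POST SSO endpoint, and returns the Entity ID, SSO URL and marker-free certificate body. The sample metadata, its example.test URLs and its certificate bytes are constructed placeholders.

```python
import base64
import re
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

def strip_pem(text):
    """Return the certificate body only: no BEGIN/END lines, no whitespace."""
    body = re.sub(r"-----(BEGIN|END) CERTIFICATE-----", "", text)
    body = "".join(body.split())
    der = base64.b64decode(body, validate=True)  # raises ValueError on junk
    if not der or der[0] != 0x30:  # DER certificates open with a SEQUENCE tag
        raise ValueError("not a DER-encoded certificate")
    return body

def parse_idp_metadata(xml_text):
    """Extract Entity ID, POST SSO URL and signing certificate from metadata."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor in metadata")
    sso = [s.get("Location") for s in idp.findall("md:SingleSignOnService", NS)
           if s.get("Binding") == POST]
    if not sso:
        raise ValueError("no HTTP-POST SingleSignOnService advertised")
    certs = [strip_pem(c.text or "")
             for k in idp.findall("md:KeyDescriptor", NS)
             if k.get("use", "signing") == "signing"
             for c in k.iterfind(".//ds:X509Certificate", NS)]
    if len(certs) != 1:
        raise ValueError(f"expected one signing certificate, found {len(certs)}")
    return {"entity_id": root.get("entityID"), "sso_url": sso[0],
            "certificate": certs[0]}

# Constructed sample: placeholder URLs and fake certificate bytes, not real data.
SAMPLE_CERT = base64.b64encode(b"\x30\x82constructed-sample-not-a-real-cert").decode()
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}"
    entityID="https://idp.example.test/saml2?idpid=PLACEHOLDER">
  <md:IDPSSODescriptor>
    <md:KeyDescriptor use="signing"><ds:KeyInfo xmlns:ds="{NS['ds']}"><ds:X509Data>
      <ds:X509Certificate>{SAMPLE_CERT[:24]}
{SAMPLE_CERT[24:]}</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.test/saml2/idp/redirect?idpid=PLACEHOLDER"/>
    <md:SingleSignOnService Binding="{POST}"
        Location="https://idp.example.test/saml2/idp/post?idpid=PLACEHOLDER"/>
  </md:IDPSSODescriptor></md:EntityDescriptor>"""
```

Calling `parse_idp_metadata()` on the text of the downloaded file gives the three values to copy into the form; `strip_pem()` alone handles a certificate downloaded as a separate PEM file.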
Once done, you must activate the SAML authentication on your captive portal.
Please contact our team (How to contact your support?) to make the necessary changes to your captive portal or consult the articles available in our online help.