An Identity Provider (IdP) is an external source for storing and maintaining user credentials to facilitate a single sign-on environment across multiple availability zones (AZs). The Security Assertion Markup Language (SAML) is used to authenticate and authorize users between the Metacloud Identity service and the IdP. During SAML integration, your Metacloud administrator created a domain with groups that map to the groups in the IdP database. Each group has been assigned a project and a Metacloud admin or member role. The group you belong to determines your Metacloud access.
When you log in to the Metacloud Dashboard, choose your IdP Login from the Authenticate Using drop-down list, enter your Domain, and click Sign In.
The Metacloud Identity service redirects you to the IdP service for verification of your user name and password. The IdP returns the authentication result and the group mapped to your user name. This SAML-based authentication uses secure tokens to assert the identities of users who have been granted the right to sign in to Metacloud. The Metacloud Identity service then grants a project-scoped token and authorization to access the Dashboard.
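A simplified model of the group-to-project mapping described above, as an added example that is not Metacloud's own code. The attribute name `groups`, the group, project and user names, and both helper functions are assumptions, and the assertion's signature is assumed to have been verified before this step.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: subject and attribute statement of an assertion whose
# signature the service provider is assumed to have verified already.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject><saml:NameID>alice@example.com</saml:NameID></saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="groups">
      <saml:AttributeValue>cloud-dev</saml:AttributeValue>
      <saml:AttributeValue>hr-staff</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

# Hypothetical mapping set up by the administrator: IdP group -> (project, role).
GROUP_MAP = {
    "cloud-dev": ("dev-project", "member"),
    "cloud-ops": ("ops-project", "admin"),
}


def asserted_identity(assertion_xml):
    """Return (user name, list of groups) carried by the assertion."""
    # ElementTree is acceptable for this constructed sample; untrusted XML
    # should go through a hardened parser.
    root = ET.fromstring(assertion_xml)
    name_id = root.find("saml:Subject/saml:NameID", SAML_NS)
    if name_id is None or not (name_id.text or "").strip():
        raise ValueError("assertion has no subject")
    values = root.findall(
        "saml:AttributeStatement/saml:Attribute[@Name='groups']/saml:AttributeValue",
        SAML_NS,
    )
    return name_id.text.strip(), [v.text.strip() for v in values if v.text]


def resolve_access(assertion_xml, group_map=GROUP_MAP):
    """Map asserted groups to (project, role) pairs; unmapped groups grant nothing."""
    user, groups = asserted_identity(assertion_xml)
    grants = sorted({group_map[g] for g in groups if g in group_map})
    if not grants:
        raise PermissionError(f"{user}: no asserted group maps to a project")
    return user, grants
```

A user whose asserted groups have no mapping is rejected rather than given a default project, which matches the statement that group membership determines access.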
When using credentials stored in an IdP, do not change your password using the Metacloud Dashboard. Change your password according to the policies of your organization and then use your new password to log in to Metacloud. If you have any concerns regarding a Dashboard login failure, contact your Metacloud administrator.
Your SSO credentials grant you access to many applications, so protect your SSO password by storing it in a secure manner.
Accessing the CLI
You cannot access the CLI using your IdP credentials. The Keystone credentials are available for local login, specifically for automated services or emergency access, but can also provide a way to access the CLI. Your Metacloud administrator can create a SQL user in a different domain with access to the resources required for your project. Contact your administrator for assistance accessing the CLI.