API

Configure the SSO login

This workflow shows how to create an IDP configuration, including testing it on yourself and configuring an emergency access account.

The configuration consists of the following steps:

  1. Add the Akamai Cloud Service Provider configuration to your IDP software.
  2. Create the IDP configuration.
  3. Test the configuration.
  4. Configure emergency access accounts.
  5. Enforce the SSO login.

Add the Akamai Cloud Service Provider configuration to your IDP software

  1. Download the Akamai Cloud Service Provider metadata file from the https://login.linode.com/saml/sp/metadata page.
  2. In your IDP software, create a new SAML application and upload the metadata file. If your software requires manual configuration, use the values in the table below. Note that different IDPs use different names for the same fields.
Akamai Cloud field nameAlso known asValue
Entity IDIssuer
Issuer ID
Audience URI
Identifier
Application SAML Audience		https://login.linode.com/saml/sp
Assertion Consumer Service URLACS URL
Single Sign-On URL
Reply URL
Application ACS URL		https://login.linode.com/saml/sp/login/acs

Create the IDP configuration

  1. From your identity provider, get an IDP metadata file for SAML identity provider.
  2. Use the metadata file, to create an IDP configuration with enforce set to false. Store the id value from the response.

Test the configuration

  1. Use the stored id value of the IDP configuration to run the Update included users with your username in the request body.
  2. Log in to Cloud Manager. If after you entered your email, you got redirected to the identity provider page and you logged in successfully to Cloud Manager, it means that the configuration was successful. If you encountered any issues and failed to log in, check your IDP configuration details and if needed, update them.

Configure emergency access accounts

📘

Prerequisite

Check Emergency account access to learn more about the emergency accounts access and best practices for their setup.


  1. Use the stored id value of the IDP configuration to run the Update excluded users operation. In the request body, list usernames of users you want to have emergency access to the account.

Enforce the SSO login

  1. Use the stored id value of the IDP configuration to run the Update an IDP configuration operation with the following request body:
{
   "enforce=true"
}

All users of your account have now SSO login enforced, except for users for whom you configured emergency access to the account. Those users will continue to log in with a password.

Updated about 7 hours ago

Updated about 7 hours ago