Federations in DoubleCloud

A federation lets you set up single sign-on (SSO) between your organization and DoubleCloud, so that users sign in to DoubleCloud with their corporate accounts.

Credentials management

DoubleCloud federations use SAML 2.0 to enable Single Sign-On (SSO). This technology allows users to access the console without entering their credentials at every login.

In DoubleCloud federations, a trusted Identity Provider (IdP) stores all the information about usernames and passwords. The service sends users to the IdP's server for authentication.

If your company has a user and access management system (for example, Active Directory or Google Workspace), you can use it to sign employees in to the DoubleCloud console. In this case, you don't need to create a new DoubleCloud account for every user: they can access our services using their corporate accounts.

Account naming

Account naming depends on the state of the Case-insensitive usernames checkbox:

Enabled

NewUser@company.com, newuser@company.com, and newuser@Company.com are the same user.

Disabled

NewUser@company.com, newuser@company.com, and newuser@Company.com are different users.

Authentication process

  1. A user opens a login link in their browser.

    If this is the first time the user signs in with SSO, the console redirects them to the IdP server for authentication.

    If the user has already signed in, this information is stored in a browser cookie:

    • If the cookie is still valid, the console authenticates the user and redirects them to the Clusters page.

    • If the cookie is expired, DoubleCloud forwards the user to the IdP server for re-authentication.

  2. The IdP server shows the authentication page to the user and prompts them to enter their username and password.

  3. The user enters the credentials for authentication on the IdP server.

    If authentication is successful, the IdP server sends the user's browser back to the console.

  4. The console cross-references the provided credentials with the list of federation users. If the user is in the federation, the console authenticates and redirects them to the Clusters page.
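
The username comparison from step 4 under both states of the Case-insensitive usernames checkbox, as an added example that is not DoubleCloud's code. It assumes that case folding applies to the whole address and that an ambiguous match is rejected; `normalize`, `find_collisions` and `lookup` are hypothetical names and the user list is constructed. `find_collisions` goes one step beyond the page and lists entries that would become the same user if the checkbox were enabled on an existing federation.

```python
from collections import defaultdict

# Constructed sample: federation user list as an administrator might have entered it.
FEDERATION_USERS = ["NewUser@company.com", "newuser@company.com", "admin@company.com"]


def normalize(name, case_insensitive):
    """Return the key under which a federation username is compared."""
    # Assumption: case-insensitive mode folds local part and domain alike.
    return name.casefold() if case_insensitive else name


def find_collisions(usernames):
    """Group entries that collapse into one user once case is ignored."""
    groups = defaultdict(list)
    for name in usernames:
        groups[normalize(name, True)].append(name)
    return {key: names for key, names in groups.items() if len(set(names)) > 1}


def lookup(name_from_idp, federation_users, case_insensitive):
    """Step 4: match the name supplied by the IdP against the federation list.

    Returns the matching entry, or None if the user is not in the federation.
    Raises ValueError when more than one entry matches (this example's choice).
    """
    key = normalize(name_from_idp, case_insensitive)
    matches = [u for u in federation_users if normalize(u, case_insensitive) == key]
    if len(matches) > 1:
        raise ValueError(f"ambiguous username {name_from_idp!r}: {matches}")
    return matches[0] if matches else None


if __name__ == "__main__":
    users = ["NewUser@company.com", "admin@company.com"]
    for mode in (True, False):
        hit = lookup("newuser@Company.com", users, case_insensitive=mode)
        print(f"case_insensitive={mode}: {hit}")
    # Audit before enabling the checkbox on an existing federation.
    for key, names in find_collisions(FEDERATION_USERS).items():
        print(f"would become one user ({key}): {names}")
```
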
