Manage federations

To perform any actions with your user federation:

  1. Go to the console.

  2. In the upper-left corner of the page, click your organization name → Manage organizations.

  3. Select Members from the panel on the left, open the Federations tab and click the name of the federation you want to manage.

Edit a federation

To edit a federation:

  1. In the upper-right corner of your federation's information page, click Edit.

  2. On the Edit Federation page:

    1. Specify the Name of your federation.

    2. Specify the Cookie lifetime in minutes.

      DoubleCloud federations support cookie lifetime from 10 to 720 minutes (12 hours).

    3. Specify the IdP issuer.

    4. From the dropdown menu, select the SSO method:

      • POST - send your token from the SSO server using the HTTP POST method. Your token will always be encrypted. We recommend using this method as a more secure solution.

      • REDIRECT - send your token from the SSO server using an HTTP redirect. This is a more straightforward method of authentication since it doesn't require a POST request. However, it has some security limitations: your authentication token will be included in the URL, potentially exposing it to server logs.

    5. Provide a link to the IdP login page.

    6. Under Advanced:

      • Select the state of the Automatically create users checkbox:

        Enabled

        Users will be added to the federation automatically at the first SSO login. They'll also automatically become members of the organization to which their federation belongs.

        Disabled

        Users need to be invited to the federation individually.

      • Choose the state of the Sign authentication requests checkbox:

        Enabled

        Enable the SAML request signature verification. We strongly recommend using this option to improve your federation's security.

        Disabled

        Disable the SAML request signature verification.

      • Select the state of the Case-insensitive user names checkbox:

        Enabled

        NewUser@company.com, newuser@company.com, and newuser@Company.com are the same user.

        Disabled

        NewUser@company.com, newuser@company.com, and newuser@Company.com are different users.

  3. Click Submit.
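
The REDIRECT method in step 4 places the SAML message in the URL query string, where web server and proxy access logs record it. The following added example (not DoubleCloud code) scans access-log lines for SAML parameters and redacts them; the log format, the /sso/acs path and the sample token are constructed assumptions.

```python
import base64
import re
import zlib
from urllib.parse import quote

# Query parameters that carry SAML messages in the HTTP-Redirect binding.
SAML_PARAMS = ("SAMLRequest", "SAMLResponse")
PATTERN = re.compile(r'(?P<key>\b(?:%s))=(?P<val>[^&\s"]+)' % "|".join(SAML_PARAMS))


def redirect_encode(xml: str) -> str:
    """Encode a message as the HTTP-Redirect binding does:
    raw DEFLATE, then base64, then URL-encoding."""
    comp = zlib.compressobj(wbits=-15)  # negative wbits = raw DEFLATE, no header
    raw = comp.compress(xml.encode()) + comp.flush()
    return quote(base64.b64encode(raw), safe="")


def scan_and_redact(lines):
    """Return (redacted_lines, findings). Each finding is
    (line_number, parameter_name, length_of_exposed_value)."""
    redacted, findings = [], []
    for number, line in enumerate(lines, start=1):
        def mask(match, number=number):
            findings.append((number, match.group("key"), len(match.group("val"))))
            return f"{match.group('key')}=[REDACTED]"
        redacted.append(PATTERN.sub(mask, line))
    return redacted, findings


# Constructed sample data: a placeholder SAML message and three access-log lines.
SAMPLE_TOKEN = redirect_encode('<samlp:Response ID="_constructed">...</samlp:Response>')
SAMPLE_LOG = [
    '203.0.113.10 - - [01/Jan/2024:10:00:00 +0000] "GET /health HTTP/1.1" 200 2',
    '203.0.113.10 - - [01/Jan/2024:10:00:01 +0000] '
    f'"GET /sso/acs?SAMLResponse={SAMPLE_TOKEN}&RelayState=abc HTTP/1.1" 302 0',
    # With the POST method the message travels in the request body,
    # so nothing SAML-related appears in the logged request line.
    '203.0.113.11 - - [01/Jan/2024:10:00:02 +0000] "POST /sso/acs HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    clean, found = scan_and_redact(SAMPLE_LOG)
    for line_number, param, size in found:
        print(f"line {line_number}: {param} exposed ({size} characters)")
    print("\n".join(clean))
```
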

Add a certificate

When the identity provider (IdP) confirms to the DoubleCloud service that a user has been authenticated, it signs the message with its certificate. To enable your organization to verify this signature, add the certificate to your federation:

  1. On your federation's information page, under Certificates, click Add certificate.

  2. In the File upload dialog:

    1. Specify a Name for your IdP certificate.

    2. Select an upload Method:

      • To upload the certificate as a file:

        1. Click Choose a file.

        2. Find your .pem certificate and click Open.

      • To paste the certificate as text:

        1. Open your .pem certificate in a text editor.

        2. Copy all the text from the opened file and paste it into the Content field.

    3. Click Submit.

Delete a certificate

To delete a certificate:

  1. To the right of the certificate's name, click Delete.

  2. In the dialog window, confirm deletion and click Delete.

Delete a federation

To delete a federation:

  1. In the upper-right corner of your federation's information page, click Delete.

  2. In the dialog window, confirm deletion and click Delete.
