SAML for Single-Sign-On Using Windows 2012 R2

  1. An enterprise user of the CenturyLink Cloud visits a URL that is dedicated to their account. The user is asked how they would like to log in to the system and chooses SAML.
  2. The web application contacts the CenturyLink Cloud SAML service to initiate the SAML message exchange.
  3. The CenturyLink Cloud SP sends a digitally signed SAML authentication request to the enterprise IdP. This IdP takes the user's Kerberos token and validates them as a user on the enterprise network.
  4. The IdP returns a signed (and optionally, encrypted) SAML authentication response message to the CenturyLink Cloud SP. This message includes a Name ID assertion and that value is matched to a User record in the CenturyLink Cloud.
  5. The user is logged into the CenturyLink Cloud and operates under the roles and permissions assigned to their CenturyLink Cloud user account.

CenturyLink Cloud supports the use of Security Assertion Markup Language (SAML) for exchanging user authentication data as XML between trusted parties. This industry-standard protocol lets our customers use their own identity management system to authenticate users of the CenturyLink Cloud Control Portal.

SAML has three main parties within this flow: the user, the identity provider (IdP), and the service provider (SP). The IdP is the repository that holds identity information. The SP is the party that wants to authenticate a particular user who is using an application.

Learn how to configure SAML for Windows 2012 R2
