SAML for Single-Sign-On Using Windows 2012 R2

  1. The enterprise user of the Lumen Cloud hits a URL that is dedicated to their account. The user is asked how they would like to log into the system and they choose SAML.
  2. The web application contacts the Lumen Cloud SAML service to initiate the SAML message exchange.
  3. The Lumen Cloud SP sends a digitally signed SAML authentication request to the enterprise IdP. This IdP takes the user's Kerberos token and validates them as a user on the enterprise network.
  4. The IdP returns a signed (and optionally, encrypted) SAML authentication response message to the Lumen Cloud SP. This message includes a Name ID assertion and that value is matched to a User record in the Lumen Cloud.
  5. The user is logged into the Lumen Cloud and operates under the roles and permissions assigned to their Lumen Cloud user account.

Lumen Cloud supports the use of Security Assertion Markup Language (SAML) for exchanging user authentication data as XML between trusted parties. This industry-standard protocol empowers our customers to use their own identity management system for authenticating users of the Lumen Cloud Control Portal.

SAML has three main parties within this flow: the user, the identity provider (IdP), and the service provider (SP). The IdP is the repository that holds identity information. The SP is the party that wants to authenticate a particular user who is using an application.

Learn how to configure SAML for Windows 2012 R2
