Enable SAML or OIDC or any AAA authentication in cnMaestro Cloud for integrations with Okta or similar IDP.
Hi @Anthony_Zammit, welcome to the Cambium community.
We are testing SAML authentication for cnMaestro Cloud at the moment (actually for all properties that use the Cambium Single-Sign-On). If you’d like to be part of the test, please send me a private message and we’ll set it up.
Great that you guys are working on this Simon.
Makes it a lot easier to deal with onboard and offboard tech personnel and not deal with forgotten or fragmented user credentials on cloud services.
1 Like
Sorry to be rude.
Had a client ask if there’s been any progress on this ?
Their auditing department will effectively prohibit them from using any cloud service with non federated logins in future.
Yes, we’ve got a few customers using SAML to log in to the Cambium SSO system now. There’s no self-service interface for setting it up at the moment - it needs to be configured by Cambium staff.
SAML is configured for the customer’s email domain. Once it is enabled, all attempts to log in with an email address at that domain will be routed via SAML instead.
Note that SAML is currently used for authentication only, not authorization. You would still manage user permissions from within your cnMaestro account. We may enhance this in the future so that roles/groups in the SAML information can be used for access control within cnMaestro, but we don’t currently have a design for that.
If your client would like to proceed with this, please let me know.
Going to check with the client for you.
Should be doable but would have to check their setup.
Hello Simon,
Is it still the case that if you have a cnMaestro X and you want to use SSO that the Cambium staff has to configure this or can we already do this ourselves? If we can are there any whitepapers for this?
Kind regards,
Pedro
Hi Pedro, and welcome to the Cambium community.
Yes, I’m afraid it still needs to be configured by us. Feel free to message me with some details about your Identity Provider and I will get the process started.
Hi Simon,
Is it possible to integrate local cnMaestro with sailPoint IdentityIQ, BeyondTrust PasswordSafe & CA Layer 7 Advanced Authentication SiteMinder. Single Sign-on feature supporting.
Another requirement from cyber security interm of access management is the product complying with:
a. SAML 2.0
b. SAML 1.1
c. WS Federation
d. OpenID or
e. Header based
f. Multi-Factor Authentication
Hi @Ahmed_Sayed, welcome to the community 
I don’t know anything about the products you mention, but cnMaestro On-Premises supports OpenID Connect and SAML 2.0 for authentication. I don’t believe it currently has built-in support for MFA, but if you are using SAML or OIDC, you would implement MFA in your identity provider.