SAML or OIDC or any AAA authentication for cnMaestro Cloud

Enable SAML or OIDC or any AAA authentication in cnMaestro Cloud for integrations with Okta or similar IDP.

Hi @Anthony_Zammit, welcome to the Cambium community.

We are testing SAML authentication for cnMaestro Cloud at the moment (actually for all properties that use the Cambium Single-Sign-On). If you’d like to be part of the test, please send me a private message and we’ll set it up.

Great that you guys are working on this Simon.
Makes it a lot easier to deal with onboard and offboard tech personnel and not deal with forgotten or fragmented user credentials on cloud services.

1 Like

Sorry to be rude.
Had a client ask if there’s been any progress on this ?
Their auditing department will effectively prohibit them from using any cloud service with non federated logins in future.

Yes, we’ve got a few customers using SAML to log in to the Cambium SSO system now. There’s no self-service interface for setting it up at the moment - it needs to be configured by Cambium staff.

SAML is configured for the customer’s email domain. Once it is enabled, all attempts to log in with an email address at that domain will be routed via SAML instead.

Note that SAML is currently used for authentication only, not authorization. You would still manage user permissions from within your cnMaestro account. We may enhance this in the future so that roles/groups in the SAML information can be used for access control within cnMaestro, but we don’t currently have a design for that.

If your client would like to proceed with this, please let me know.

Going to check with the client for you.
Should be doable but would have to check their setup.