Cambium uses a Single Sign-On system to allow you to use a single user account across all of our applications, including cnMaestro, LINKPlanner, cnHeat, Cambium Learning, the Help Desk and the Community.
If your company uses a SAML 2.0-compliant Identity Provider (such as Google Workspace, Microsoft Azure / Entra ID, Okta among others), we can configure our SSO system to delegate to your Identity Provider for anyone with an email address matching your company domain.
If you would like to connect your SAML 2.0 Identity Provider to Cambium’s SSO system, please follow these steps:
-
Visit https://support.cambiumnetworks.com/externalidp/ and click Add New Identity Provider.
-
Enter a suitable name (such as the name of your company) and click Create.
-
Download our Service Provider Metadata and load it into your identity provider
-
Download the Identity Provider Metadata from your identity provider and upload it in the IdP Details section:
-
Under Attribute Mapping, define how attributes from your identity provider (such as user name and email address) should be mapped onto Cambium user account properties.
-
Under Domains, enter the email domain that the identity provider will be responsible for authenticating. You will need to prove ownership of this domain by creating a special DNS TXT record at a subdomain.
Once you have completed these steps, please use the Activate option in the navigation menu to activate the configuration.
If you have any questions, please raise a support ticket.
Optional configuration
By default, if you initiate a login from your identity provider (rather than from a Cambium site), you will eventually land on https://support.cambiumnetworks.com. If you would prefer to land in cnMaestro, you can set the Relay State parameter in your identity provider to the value:
https://cloud.cambiumnetworks.com/cn-rtr/sso
If you have cnMaestro X, you may like to configure IdP Role Mapping to use groups in your Identity Provider to automatically manage the members of your account.