Auth0 operates a cloud-based identity platform for developers. It can also be configured as an Identity Provider (IDP) for Cloudinary. Here's how this federation can be achieved.
To set up SAML authentication with Auth0 as the IDP, you'll need to follow these three steps:
- Create a SAML-based application on Auth0.
- Create user(s) on Auth0, if no users have been created yet.
- For each user that needs to log in, enable SAML authentication on Cloudinary.
Here's how you can achieve this.
Auth0 Application Setup
For this setup, we will be following the steps explained in the document Auth0 as Identity Provider.
1. Go to Auth0 Dashboard > Applications.
2. Create a new application and name it Cloudinary SAML Integration.
3. Choose the Application Type as Regular Web Application.
4. Click on Settings. Fill in the following values on the settings screen:
   - Application Logo: https://res.cloudinary.com/cloudinary/image/upload/c_scale,w_150/v1/logo/for_white_bg/cloudinary_logo_for_white_bg.png
   - Application Type: Verify that it is Regular Web Application.
   - Token Endpoint Authentication Method: Set this to POST.
5. Towards the end, click on Show Advanced Settings.
6. Navigate to the Endpoints tab.
7. Look for the SAML section and copy the SAML Metadata URL. Keep this handy, as it is required later.
8. Click on the SAVE CHANGES button to save this application.
9. Next, click on the Addons tab. On this tab, enable the SAML2 Web App.
10. On the pop-up screen, set the Application Callback URL field to https://cloudinary.com/saml/consume. This is the endpoint that will consume the SAML response.
11. Next, set the fields that Cloudinary will receive in the SAML response. Only the email address is needed, so uncomment the following lines:
    - nameIdentifierFormat
    - nameIdentifierProbes
    - The field for email, "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress".
    - Finally, the closing ], so that the JSON is valid.

    ```json
    {
      "nameIdentifierFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified",
      "nameIdentifierProbes": [
        "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
      ]
    }
    ```
12. Towards the end of the pop-up screen, click on the Enable button.
13. Once again, go back to the end of the screen and click on the Save button.
14. Finally, click on the Usage tab. Copy the Identity Provider Login URL. This is the URL you can use to test the SAML authentication. This completes the setup on Auth0.
Auth0 User Setup
This step applies only if you are just setting up Auth0 and have no users yet.
We need to create the users who will authenticate through Auth0. This should ideally be done by the account administrators in your organization; the steps below are the bare minimum needed to get the integration working.
- Navigate to _Users & Roles_.
- Click on Users.
- Click the Create User button.
- Fill in the user information and hit Create.
Cloudinary Setup
- Log in to Cloudinary.
- Navigate to Settings (gear icon) -> Users.
- If your account is configured to support SAML, there should be a SAML section (if not open a support ticket at https://support.cloudinary.com/hc/en-us/requests/new). Populate the following:
- Metadata retrieval method: Set this to URL.
- SAML metadata URL: Enter the SAML Metadata URL copied from Auth0 in step 7 above.
- Enforce SAML login: Set to Yes.
Save the settings and log out.
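Before pasting the SAML Metadata URL into Cloudinary, it is worth confirming that the URL really serves IdP metadata with a signing certificate and a single sign-on endpoint, since Cloudinary needs the certificate to verify the signature on the SAML response it receives at https://cloudinary.com/saml/consume. The following added example (not Cloudinary's or Auth0's own code) does that check with the Python standard library; the embedded metadata is a constructed sample in the shape Auth0 publishes, with placeholder tenant, client ID and certificate values.

```python
"""Sanity-check Auth0 SAML IdP metadata before entering its URL in Cloudinary."""
import sys
import urllib.request
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed sample metadata; tenant, client ID and certificate are placeholders.
SAMPLE_METADATA = b"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="urn:EXAMPLE-TENANT.auth0.com">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data><X509Certificate>PLACEHOLDER-BASE64-CERT</X509Certificate></X509Data>
      </KeyInfo>
    </KeyDescriptor>
    <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</NameIDFormat>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://EXAMPLE-TENANT.auth0.com/samlp/EXAMPLE-CLIENT-ID"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""


def check_idp_metadata(xml_bytes: bytes) -> dict:
    """Return the values the SP relies on; raise ValueError if any is missing."""
    root = ET.fromstring(xml_bytes)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this is not IdP metadata")
    # A KeyDescriptor with no 'use' attribute covers both signing and encryption.
    certs = [c for kd in idp.findall("md:KeyDescriptor", NS)
             if kd.get("use", "signing") == "signing"
             for c in kd.findall("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)]
    if not certs:
        raise ValueError("no signing certificate: SAML responses cannot be verified")
    sso = idp.find("md:SingleSignOnService", NS)
    if sso is None:
        raise ValueError("no SingleSignOnService endpoint")
    return {
        "entity_id": root.get("entityID"),
        "sso_url": sso.get("Location"),
        "sso_binding": sso.get("Binding"),
        "name_id_formats": [e.text for e in idp.findall("md:NameIDFormat", NS)],
        "signing_certs": len(certs),
    }


if __name__ == "__main__":
    # Pass the SAML Metadata URL copied from Auth0 to check live metadata; otherwise use the sample.
    data = urllib.request.urlopen(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_METADATA
    print(check_idp_metadata(data))
```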
Testing
Use the Identity Provider Login URL saved in step 14. If everything is correct, it should authenticate you with Auth0 and redirect you to Cloudinary, logged in.
Gotchas
On Auth0, the SAML application is associated with two authentication connections by default:
- Username-Password
- Google OAuth2
If your users authenticate through any other connection, it must be enabled for this application as well.