Procedure

  1. Define Cloud Conformity as a service provider in your identity provider using one of the following options:
    1. Import Cloud Conformity Service Provider metadata under Relying party trusts. The latest metadata is available at these URLs:
    2. Define Cloud Conformity as a service provider manually:
  2. Set Default Relay State: REGION_OF_SERVICE:YOUR_DOMAIN.com (This is to enable IdP-initiated sign-on)
  3. In the Claim Rules dialog, select Send LDAP Attributes as Claims and make sure the email address, given name, and surname claims are enabled.
  4. Configure role mapping
    • Depending on how you manage your groups, send a group membership claim that maps to a user role in Cloud Conformity. Users coming through ADFS can take any of the four supported roles in Cloud Conformity:
      • Admin: This role is the organisation administrator and has full access to everything in Cloud Conformity.
      • Power user: This role has full access to all accounts but no organisation-level access, e.g. it cannot manage users or add accounts.
      • Read-only: Similar to power user but only with read-only access to all accounts.
      • Custom: Custom users have no access by default and can be granted fine-grained permissions after their first sign-on, by an organisation administrator.
  5. Download and provide us with your identity provider metadata file. ADFS SAML 2.0 metadata should be accessible here: https://ADFS_DOMAIN/FederationMetadata/2007-06/FederationMetadata.xml
    Once you have provided identity provider metadata, a member of our team will import it to Cloud Conformity as a trusted identity provider and can begin verifying the integration.
    Note
    Please contact our support team for additional help.
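The following script is an added example, not part of the Cloud Conformity documentation, showing how steps 1, 3, 4 and 5 above can be applied on the ADFS side with the AD FS PowerShell module instead of the management console. The service provider metadata URL, the group SIDs, the role claim type and the role values are placeholders (the page does not state them); take the real ones from the Cloud Conformity metadata and your own directory. Restricting sign-in to the mapped groups via an issuance authorization rule is this example's own least-privilege choice, not a requirement stated on the page.

```powershell
# Added example (not Cloud Conformity's own code). Run on an AD FS server as an
# AD FS administrator. Everything marked "placeholder" must be replaced.
Import-Module ADFS

$rpName      = 'Cloud Conformity'
$metadataUrl = 'https://SP_METADATA_URL_FROM_CLOUD_CONFORMITY'   # placeholder (step 1a)

# Step 1a: create the relying party trust from the service provider metadata
# and let AD FS monitor it so certificate changes are picked up automatically.
if (-not (Get-AdfsRelyingPartyTrust -Name $rpName)) {
    Add-AdfsRelyingPartyTrust -Name $rpName -MetadataUrl $metadataUrl `
        -MonitoringEnabled $true -AutoUpdateEnabled $true
}

# Step 4 input: AD group SID -> Cloud Conformity role. Placeholder SIDs and
# role values; the claim type Cloud Conformity expects is also a placeholder.
$roleClaimType = 'http://example.invalid/claims/role'
$roleMap = @{
    'S-1-5-21-PLACEHOLDER-ADMINS'   = 'ADMIN'       # keep this group small
    'S-1-5-21-PLACEHOLDER-POWER'    = 'POWER_USER'
    'S-1-5-21-PLACEHOLDER-READONLY' = 'READ_ONLY'
}

# Step 3: the rule the "Send LDAP Attributes as Claims" template generates for
# e-mail address, given name and surname.
$ldapRule = @'
@RuleTemplate = "LdapClaims"
@RuleName = "Cloud Conformity - user attributes"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"), query = ";mail,givenName,sn;{0}", param = c.Value);
'@

# Step 4: one group-membership claim rule per mapped group. A user in none of
# the groups receives no role claim at all.
$groupRules = foreach ($sid in $roleMap.Keys) {
@"
@RuleTemplate = "EmitGroupClaims"
@RuleName = "Cloud Conformity role $($roleMap[$sid])"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid", Value == "$sid", Issuer == "AD AUTHORITY"]
 => issue(Type = "$roleClaimType", Value = "$($roleMap[$sid])", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, ValueType = c.ValueType);
"@
}

# Example's own choice: only members of a mapped group may obtain a token for
# this relying party. Drop this block if users who will receive the Custom
# role (no group) also need to sign in.
$authzRules = foreach ($sid in $roleMap.Keys) {
@"
@RuleName = "Permit Cloud Conformity group $sid"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid", Value == "$sid"]
 => issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");
"@
}

Set-AdfsRelyingPartyTrust -TargetName $rpName `
    -IssuanceTransformRules ((@($ldapRule) + @($groupRules)) -join "`n") `
    -IssuanceAuthorizationRules (@($authzRules) -join "`n")

# Step 5: before handing FederationMetadata.xml to Cloud Conformity, check that
# the primary token-signing certificate it advertises is not close to expiry,
# otherwise the trust breaks at the next certificate rollover.
$signing = Get-AdfsCertificate -CertificateType Token-Signing | Where-Object IsPrimary
$signing.Certificate | Select-Object Subject, Thumbprint, NotAfter
$daysLeft = ($signing.Certificate.NotAfter - (Get-Date)).Days
if ($daysLeft -lt 30) { Write-Warning "Token-signing certificate expires in $daysLeft days; plan the rollover with Cloud Conformity." }

Invoke-WebRequest -Uri 'https://ADFS_DOMAIN/FederationMetadata/2007-06/FederationMetadata.xml' `
    -OutFile .\FederationMetadata.xml   # replace ADFS_DOMAIN with your federation service name
```

After running it, open the relying party trust in the AD FS console to confirm the three attribute claims and the group rules appear under Claim Issuance Policy, and set the Default Relay State from step 2 there; this example does not configure relay state because the exact setting depends on the AD FS version.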