About Identity Federation

Identity federation is a system that delegates authentication to a trusted external party, your identity provider (IdP). With identity federation, you can log in to Cockpit, as a root account or as an EIM user, using an external authentication portal.

Activating identity federation is not an autonomous customer operation, it needs to be manually performed per account by Outscale administrators and requires a contract amendment. If you are interested by this service, contact your Technical Account Manager.

General Information

Identity federation can either be activated on a root account and all its EIM users, only a root account, only EIM users, or even specific EIM users. If identity federation is activated on a root account, all the subsequently created EIM users inherit the federation by default. For more information, see Email Address Requirements.

Federated authentication complements Outscale authentication. A federated account or user can continue to log in to Cockpit with their Outscale credentials if they wish to. You can enable or disable authentication using Outscale credentials when identity federation is activated. For more information, see Enabling or Disabling Outscale Authentication.

Email Address Requirements

Using federated authentication means that all root accounts and EIM users must have an email address registered. Those email addresses must have the same domain name as the one defined when activating identity federation.

EIM users can have an email address assigned to them but it can only be done by the root account when creating the user or when updating it. For more information, see Creating a User or Modifying a User. If no email address is assigned to an EIM user, the user’s default email becomes that of the root account.

Regardless if EIM users have an email address or if they have inherited that of the root account, they can only log in to Cockpit using their login, which follows this syntax: Account ID of the root account/your username (for example: 012345678912/username). For more information, see Logging In to Cockpit.

A confirmation email is sent to the associated email address upon first authentication for both root and EIM users. You must confirm the pairing between your IdP and your Outscale account by clicking the given link.

Related Pages

Export to PDF