SAML MFA for VPN / Wi-Fi

OpenVPN Cloud

Learn how to integrate OpenVPN cloud with idemeum passwordless platform.

Apr 12, 2022 3 min read
OpenVPN Cloud

Capabilities overview

OpenVPN is a virtual private network system that implements techniques to create secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities.

Pricing page

Supported capability Required plan Details
Passwordless SSO Free plan Low SSO tax

Prerequisites

In order to integrate idemeum with OpenVPN Cloud you will first need to obtain SAML metadata parameters for your idemeum tenant. Specifically you will need:

  • Tenant Metadata URL

Instructions for how to obtain these SAML metadata parameters are below.

How to obtain SAML metadata for idemeum
SAML metadata is the data that describes the information needed to communicate between your SaaS application and idemeum in order to enable Single Sign-On. Based on SAML terminology SaaS application is called Service Provider (SP) and idemeum will be Identity Provider (IDP). Typically you will be a…
Docsidemeum team

Passwordless Single Sign-On (SAML)

Configure SSO in OpenVPN Cloud

  • Navigate to your OpenVPN Cloud dashboard
  • Choose Settings -> User authentication
  • Click Edit
  • Click Configure for SAML section
  • Click Next
  • Enter the name of the integration
  • Paste Tenant Metadata URL that you obtained in the prerequisites section into the IdP Metadata URL section
  • Expand Advanced settings and scroll down, enter the values as show below
  • Click Next
  • Click Finish
  • Now click Edit configuration again and make sure SAML authentication is enabled.

Configure SSO in idemeum

  • Navigate to your idemeum admin portal at https://[your domain].idemeum.com/adminportal
  • Click Applications in the left menu
  • Search for OpenVPN Cloud application and click Add App
  • Click SAML at the top navigation menu
  • All you have to do is to enter your OpenVPN domain. For instance, our OpenVPN URL is https://idemeumlab.openvpn.cloud therefore we will need to enter idemeumlab as domain.
  • Click Save

Optional - Configure IdP-init flow

With the configuration above only SP init flow will work. Meaning you will open OpenVPN application and then will be able to login with idemeum. If you want to launch OpenVPN from idemeum portal, you will need to configure IdP init flow.

Here is the document from OpenVPN that you can use for reference https://openvpn.net/cloud-docs/saml-configuration-for-idp-initiated-sign-on/

  • You will need to install extension to analyze SAML protocol exchange. If you are using Chrome you can use the following one.
  • Navigate to your OpenVPN portal at [your_domain].openvpn.cloud and capture the SAML request. We will need to capture Relay State parameter
  • Now navigate to back idemeum dashboard, search for OpenVPN application
  • Click SAML
  • Expand Advanced options and paste the decoded value into the Relay state
  • Click Save

Application entitlements

Before users can access applications you need to make sure you entitle applications to them. In idemeum admin portal navigate to Entitlements section to assign applications to your employees.

SAML SSO login flows

OpenVPN Cloud supports both:

  • IDP Initiated Flow (this flow starts from launching OpenVPN application from idemeum catalog)
  • SP Initiated Flow (this flow starts from launching OpenVPN app, entering your domain and then logging in with idemeum passwordless SSO)
Published by
idemeum team
idemeum team
You might also like
Table of Contents
Great! Next, complete checkout for full access to idemeum integrations.
Welcome back! You've successfully signed in.
You've successfully subscribed to idemeum integrations.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.