OpenVPN Cloud
Capabilities overview
OpenVPN is a virtual private network system that implements techniques to create secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities.
Supported capability | Required plan | Details |
---|---|---|
Passwordless SSO | Free plan | Low SSO tax |
Prerequisites
In order to integrate idemeum with OpenVPN Cloud you will first need to obtain SAML metadata parameters for your idemeum tenant. Specifically you will need:
- Tenant Metadata URL
Instructions for how to obtain these SAML metadata parameters are below.
Passwordless Single Sign-On (SAML)
Configure SSO in OpenVPN Cloud
- Navigate to your OpenVPN Cloud dashboard
- Choose Settings -> User authentication
- Click Edit
- Click Configure for SAML section
- Click Next
- Enter the name of the integration
- Paste Tenant Metadata URL that you obtained in the prerequisites section into the IdP Metadata URL section
- Expand Advanced settings and scroll down, enter the values as show below
- Click Next
- Click Finish
- Now click Edit configuration again and make sure SAML authentication is enabled.
Configure SSO in idemeum
- Navigate to your idemeum admin portal at https://[your domain].idemeum.com/adminportal
- Click Applications in the left menu
- Search for OpenVPN Cloud application and click Add App
- Click SAML at the top navigation menu
- All you have to do is to enter your OpenVPN domain. For instance, our OpenVPN URL is https://idemeumlab.openvpn.cloud therefore we will need to enter idemeumlab as domain.
- Click Save
Optional - Configure IdP-init flow
With the configuration above only SP init flow will work. Meaning you will open OpenVPN application and then will be able to login with idemeum. If you want to launch OpenVPN from idemeum portal, you will need to configure IdP init flow.
Here is the document from OpenVPN that you can use for reference https://openvpn.net/cloud-docs/saml-configuration-for-idp-initiated-sign-on/
- You will need to install extension to analyze SAML protocol exchange. If you are using Chrome you can use the following one.
- Navigate to your OpenVPN portal at [your_domain].openvpn.cloud and capture the SAML request. We will need to capture Relay State parameter
- We will need to decode that Relay state using the following tool https://www.urldecoder.org/
- Now navigate to back idemeum dashboard, search for OpenVPN application
- Click SAML
- Expand Advanced options and paste the decoded value into the Relay state
- Click Save
Application entitlements
Before users can access applications you need to make sure you entitle applications to them. In idemeum admin portal navigate to Entitlements section to assign applications to your employees.
SAML SSO login flows
OpenVPN Cloud supports both:
- IDP Initiated Flow (this flow starts from launching OpenVPN application from idemeum catalog)
- SP Initiated Flow (this flow starts from launching OpenVPN app, entering your domain and then logging in with idemeum passwordless SSO)