SAML

Next-generation cloud-hosted OpenVPN business solution.
pchernoff
OpenVpn Newbie
Posts: 5
Joined: Fri Mar 05, 2021 4:11 pm

SAML

Post by pchernoff » Fri Mar 05, 2021 4:17 pm

How do I create an admin account with SAML for authentication?


I just created an OpenVPN Cloud account for my office to test it for switching to it for our VPN.

I want users to be able to sign in using Google auth. The setup was pretty simple and I got it working. However, OpenVPN made changes to the users and I don't see a fix.

There was a single account using OpenVPN Cloud. If I activate SAML for authentication then my original user account, which is the owner, is suspended. A new account was created for me and I can sign in with it. However, the owner account is deactivated so I cannot add new users.

I did create a new user, the person signed in, created a password, etc. I promoted his account to Admin. I changed to SAML and his account is now deactivated.

pchernoff
OpenVpn Newbie
Posts: 5
Joined: Fri Mar 05, 2021 4:11 pm

Re: SAML

Post by pchernoff » Sat Mar 06, 2021 4:29 pm

Turns out it was simple. Tech support got back to me very quickly.

The owner account is able to log in via the web site to manage the account. This stays true. But once you turn on SAML then the owner account cannot connect to the VPN itself.

All someone has to do is run OpenVPN Connect and provide their Google credentials. They are logged into the VPN and that user is now added to the list of users. The owner can now log into the administrative web site and promote a user to admin.

I am used to systems where you create an account locally, link it to their Google address, and then the person can log in. Here anyone with a Google account, either at your company or in a designated group, can log into the VPN if licenses are available.

openvpn_inc
OpenVPN Inc.
Posts: 1332
Joined: Tue Feb 16, 2021 10:41 am

Re: SAML

Post by openvpn_inc » Tue Mar 09, 2021 6:09 pm

Hi there,

When SAML is being used, the owner user is displayed as suspended, because the Owner cannot use its profile to connect to OpenVPN Cloud when SAML is enabled. However, the Owner account can still access the Admin Portal to do VPN configuration. When you use a SAML account, it is a different account, even if the email is the same. It means that using the Owner email with SAML will create another user, which will be able to connect to the VPN. You can even grant the new user admin rights. However, you cannot give a SAML user Owner account rights.

In short, the owner account can still manage billing from the Web Portal. The owner account can navigate to https://xyz.openvpn.com and sign in as Owner. So if the owner wants to manage billing, he will log in to the owner login and use normal credentials, and for VPN-related stuff, he will log in via SSO to manage devices, etc.


Regards,
Crowley
OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support
