Setting up SAML (Security Assertion Markup Language) will allow your team members to quickly log in to the team CloudAMQP account using the credentials stored in your organization’s Identity Provider (IdP).
In the CloudAMQP Console, under Team Settings → SAML Configuration, you will find the information needed to set up SAML and the place to upload your IdP metadata.
Users and/or groups assigned through your IdP directory will be granted access. After SAML has been configured for your team, new users will be auto-provisioned into your team. This works as long as the first login is initiated from your IdP (and the account email hasn't been used with CloudAMQP previously).
Note: You can only use "Sign in with SAML" on the CloudAMQP login page when the user exists in CloudAMQP.
To enforce specific roles, your IdP must send an extra 84codes.roles attribute in the SAML response. You can see examples of the attribute value on your SAML page: customer.cloudamqp.com/team/saml
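Before relying on role enforcement, it helps to confirm that a response captured from your own IdP really carries the attribute. The script below is an added example, not CloudAMQP code: the sample response, the subject and the `ROLE_PLACEHOLDER` value are constructed, and the function names are hypothetical.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
ROLES_ATTRIBUTE = "84codes.roles"  # attribute name given in the text above

# Constructed, unsigned sample. ROLE_PLACEHOLDER stands in for a value copied
# from your own SAML page; alice@example.com is a made-up subject.
SAMPLE_RESPONSE = """<samlp:Response
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion>
    <saml:Subject><saml:NameID>alice@example.com</saml:NameID></saml:Subject>
    <saml:AttributeStatement>
      <saml:Attribute Name="84codes.roles">
        <saml:AttributeValue>ROLE_PLACEHOLDER</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


def inspect_roles(response_xml):
    """Report the subject and 84codes.roles values in a SAML response.

    Debugging aid for a response captured from your own IdP. It does not
    verify the signature, so it must not be used for access decisions.
    """
    root = ET.fromstring(response_xml)
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    roles, seen = [], False
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        if attr.get("Name") != ROLES_ATTRIBUTE:
            continue
        seen = True
        for value in attr.iterfind("saml:AttributeValue", NS):
            if (value.text or "").strip():
                roles.append(value.text.strip())
    status = "present" if roles else ("empty" if seen else "missing")
    return {"subject": None if name_id is None else name_id.text,
            "roles": roles, "status": status}


def inspect_post_param(saml_response_b64):
    """Same check for the base64 SAMLResponse form field (HTTP-POST binding)."""
    return inspect_roles(base64.b64decode(saml_response_b64))


if __name__ == "__main__":
    print(inspect_roles(SAMPLE_RESPONSE))
```

A status of `missing` or `empty` means the IdP is not sending any role values in that response, so the attribute mapping on the IdP side is the place to look.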
You can also enforce SAML-initiated logins and disable password-based authentication. User accounts that are members of more than one team can still log in using password-based authentication. However, if they try to access a team where SAML is enforced, SAML authentication will be required before access is granted to that team.
To enforce SAML authentication, tick the checkbox labeled "Enforce SAML, disable password-based login" on customer.cloudamqp.com/team/saml once SAML is configured.
You can only connect a SAML application on your IdP to a single team in CloudAMQP. If your organization uses multiple CloudAMQP teams, you will need to configure one SAML application per team.
We have step-by-step instructions on configuring SAML for some of the most popular identity providers:
For existing accounts, an invite to the team is required to join the team.
Please note that if an account is removed from the IdP directory, the account will still have access in the CloudAMQP console. To revoke access, the user must also be deleted from the CloudAMQP console.
There is a checklist of reasons for this error: