RC: SAML Domain verification #146
RC: SAML Domain Verification - integration guides
|
||
### SAML domain verification | ||
|
||
We added domain verification to [SAML single sign-on]({{< relref "/operate/rc/security/access-control/saml-sso" >}}) to enhance security. Before you set up SAML in Redis Cloud, you must first [verify domain ownership]({{< relref "/operate/rc/security/access-control/saml-sso#verify-domain" >}}) for any domains associated with your SAML setup. |
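Review bot: "to enhance security" in the first sentence does not tell the reader what domain verification protects against, and "any domains associated with your SAML setup" in the second sentence is left undefined. Suggest saying in one clause what verifying ownership establishes and which domains are meant, and adding a line on what accounts with SAML already configured should expect, since a changelog entry is often read without following its links.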
@joniredis What's the guidance for current customers who have already set up SAML? I'd like to add that here.
@cmilesb that is a good point. In principle any active SAML configurations continue to work but these domains will show up as "unverified" and we want these customers to still verify their domains. For now we will not reject any logins, but if they want to make any domain changes they will need to verify the domain before they can continue.
Don't write this in the docs, but for a large chunk of active SAML customers that we know we will set their domain to "verified" during deployment since we know and trust these customers.
A couple of minor suggestions but otherwise LGTM.
@@ -256,7 +253,7 @@ To activate SAML, you must have a local user (or social sign-on user) with the * | |||
|
|||
{{<image filename="images/rc/saml/sm_saml_8.png" >}} | |||
|
|||
A popup appears, stating that to test the SAML connection, you need to log in with Okta credentials of the user defined in the Redis Cloud group. This user is part of the group to which you assigned the Redis Cloud application. | |||
A popup appears, stating that to test the SAML connection, you need to log in with Okta credentials of the user defined in the Redis Cloud group. This user is part of the group to which you assigned the Redis Cloud application. |
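Review bot: the removed and added versions of the "A popup appears, stating that ..." sentence read the same word for word as shown here, so this hunk looks like a whitespace-only change. If a rewording was intended it did not land; if not, consider dropping the hunk so the diff stays limited to the domain verification changes.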
Bit awkward, maybe? You could perhaps reorder it a bit, along the lines of "The app displays a popup to inform you that you must log in with the Okta credentials of the user you defined in the Redis cloud group if you want to test the SAML connection."
1. If only one user is defined in Redis Cloud console, you get a popup window where you select **Confirm** to convert the local user to a SAML user. | ||
|
||
> Consider setting up one more local user other than a SAML user. | ||
1. If only one user is defined in Redis Cloud console, you get a popup window where you select **Confirm** to convert the local user to a SAML user. Consider setting up one more local user other than a SAML user. |
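Review bot: folding "Consider setting up one more local user other than a SAML user." into the end of step 1 makes the recommendation easy to miss, and neither version says why it matters. Suggest keeping it as a separate note and giving the reason; my assumption is that it is there so someone can still sign in with a local account if the SAML connection stops working after the only user has been converted.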
Bit awkward again? Maybe something like "If only one user is defined in Redis Cloud console, you will also see a popup window asking if you want to convert the local user to a SAML user. Select Confirm to go ahead with the conversion."
|
||
We added domain verification to [SAML single sign-on]({{< relref "/operate/rc/security/access-control/saml-sso" >}}) to enhance security. Before you set up SAML in Redis Cloud, you must first [verify domain ownership]({{< relref "/operate/rc/security/access-control/saml-sso#verify-domain" >}}) for any domains associated with your SAML setup. | ||
|
||
You can now also associate multiple domains with your SAML setup. |
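Review bot: "You can now also associate multiple domains with your SAML setup." does not say whether each additional domain has to be verified individually. The paragraph above requires verification "for any domains associated with your SAML setup", so if that applies to every added domain, suggest stating it in this sentence rather than leaving the reader to infer it.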
@cmilesb I think this warrants a section of its own since this is a big benefit for larger customers that are using SAML. Something like: "SAML SSO now supports multiple username domains"
Thanks a lot @cmilesb looks good to me! One small note is that the IdP specific guides still contain the old Redis logo. Would be good to update to the new one, but that doesn't have to be related to this effort from my end.
Ticket: DOC-3644
Staging links:
https://redis.io/docs/staging/DOC-3644/operate/rc/security/access-control/saml-sso/
https://redis.io/docs/staging/DOC-3644/operate/rc/changelog/may-2024
Releasing May 19th.