Single Sign-On (SSO) provides a seamless authentication experience to users, allowing them to log in once and access all authorized applications without the need to enter separate credentials. Security Assertion Markup Language (SAML) is a standard protocol for implementing SSO in applications. 

Cerberus FTP Server 13.0 supports Azure SAML SSO, which uses Microsoft Entra ID (formerly known as Azure Active Directory, or Azure AD).

What is SAML SSO?

SAML is an XML-based protocol that allows identity providers (IdPs) to securely exchange user authentication and authorization data with service providers (SPs). The SAML SSO process involves three primary entities:

User: The person or system using the application.

Identity Provider (IdP): The entity which authenticates the user (Microsoft Azure AD).

Service Provider (SP): The application that the user is attempting to access (Cerberus FTP Server).

The System for Cross-domain Identity Management (SCIM) is another protocol that allows the IdP to share information about users and groups with the SP. Cerberus uses SCIM to provide easy management of user and group permissions.

How does SAML SSO work?

When a user tries to access Cerberus using the SSO button, the user is redirected to the IdP where they are asked to provide their credentials. Once authenticated, the IdP generates a SAML response that includes the user’s identity information and signs the response using a digital signature. The signed response is then sent to the SP, which verifies the signature to confirm the response’s authenticity.

The SP then grants the user access to the application, and the user is logged in automatically. If the user tries to access another application that has SAML SSO enabled, they can be automatically logged in without having to provide their credentials again if they are authorized for that application.
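The SP-side checks that sit around the signature verification described above, as an added example (not Cerberus FTP Server's code). It goes slightly beyond the text by also checking the destination, audience and validity window that a SAML 2.0 response carries. The sample response, its URLs and IDs, and the function name `check_response` are constructed for illustration; the cryptographic XML-DSig verification itself needs a dedicated library and is not performed here.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample response; every URL, ID and name is a placeholder.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    ID="_r1" Destination="https://ftp.example.com/saml/acs">
  <saml:Assertion ID="_a1">
    <ds:Signature><ds:SignedInfo><ds:Reference URI="#_a1"/></ds:SignedInfo></ds:Signature>
    <saml:Subject><saml:NameID>alice@example.com</saml:NameID></saml:Subject>
    <saml:Conditions NotBefore="2024-01-01T10:00:00Z" NotOnOrAfter="2024-01-01T10:05:00Z">
      <saml:AudienceRestriction><saml:Audience>https://ftp.example.com/saml</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""

def _ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def check_response(xml_text, acs_url, audience, now):
    """Return reasons to reject the response (empty list = passes these checks)."""
    problems = []
    root = ET.fromstring(xml_text)
    if root.get("Destination") != acs_url:
        problems.append("Destination is not this SP's ACS URL")
    assertions = root.findall("saml:Assertion", NS)
    if len(assertions) != 1:
        return problems + ["expected exactly one Assertion"]
    a = assertions[0]
    # Structural check only: the signature must cover the assertion that is
    # consumed. Verifying the signature value needs an XML-DSig library.
    ref = a.find("ds:Signature/ds:SignedInfo/ds:Reference", NS)
    if ref is None or ref.get("URI") != "#" + a.get("ID", ""):
        problems.append("signature does not reference this Assertion")
    cond = a.find("saml:Conditions", NS)
    if cond is None:
        return problems + ["no Conditions element"]
    if not (_ts(cond.get("NotBefore")) <= now < _ts(cond.get("NotOnOrAfter"))):
        problems.append("outside validity window")
    auds = [e.text for e in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if audience not in auds:
        problems.append("Audience does not name this SP")
    return problems
```

The standard-library parser keeps the example self-contained; it is not hardened against maliciously constructed XML.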

How to set up SAML SSO in Cerberus

Setting up SSO in Cerberus with Entra ID involves three main steps:

  1. In Cerberus, add a configuration for SSO Users
  2. Configure the Identity Provider in Azure – see our SAML guide
  3. Configure SCIM in Azure – see our SCIM guide

We also have a list of Known Issues and Limitations that may be useful.

Once these steps are complete, users will be able to select the SSO button to complete their login.

Availability

SAML SSO offers a secure way to authenticate users and significantly reduces the number of credentials that users need to remember. SSO features are available now in the Cerberus FTP Server 13.0 Enterprise and Enterprise Plus Editions.

We look forward to hearing how our customers use this feature and how any additional features help you manage users. As always, we would love to hear your feedback.