Using company single sign-on integration
Using company single sign-on credentials to access your Red Hat account
Abstract
Preface
The company SSO integration feature allows you to log in to your Red Hat account by using your company login credentials instead of your Red Hat account credentials.
Chapter 1. The company single sign-on feature
The company SSO feature integrates your company SSO with Red Hat SSO. This integration allows existing Red Hat users to authenticate to Red Hat with their company SSO credentials.
Company single sign-on is not a self-service feature. Contact your Red Hat account team to learn more about how to enable this service for your company.
1.1. What is company single sign-on?
Company single sign-on is an integration between the Red Hat single sign-on system and your organization’s identity provider (IdP). This type of integration is commonly known as “3rd party IdP” or “federated IdP.” It enables users in your organization with existing Red Hat logins to sign in to Red Hat services and applications that use sso.redhat.com for authentication, such as Customer Portal, Hybrid Cloud Console, and training-lms.redhat.com, by using their company SSO login credentials, which are the same credentials they use to access their company’s internal apps and resources. Any Red Hat website, app, or service that uses sso.redhat.com for authentication is accessible through company single sign-on integration.
1.2. Benefits of the Red Hat company single sign-on integration
Organization Administrators can use this feature for compliance and security reasons because authentication security protocols for Red Hat services can be managed directly by the organization by means of the authentication requirements of its own single sign-on system. Using the company single sign-on feature provides a better authentication user experience for end users. End users themselves can maintain one less set of login credentials.
Currently, company single sign-on integration has the following scope:
- Link one company IdP with one Red Hat organization account.
- Link one company user identity with one Red Hat user identity.
- Use corporate SSO/IdP to authenticate to the Red Hat Customer Portal or any Red Hat application with a web-based authentication flow which uses sso.redhat.com.
- OpenID Connect (OIDC) is supported.
- Security Assertion Markup Language (SAML) is supported.
1.3. Limitations of the Red Hat company single sign-on integration
Some Red Hat services are not compatible with single sign-on integration. This means that you can revoke a user’s corporate IdP credentials, but the username and password can still be used to authenticate to some Red Hat services. To completely remove a user’s access to all Red Hat services, you must use the user management tool to deactivate the user account. A deactivated account can no longer be used to access Red Hat services.
User management is available by clicking your account avatar to open the account information page. You must be an Organization Administrator to use the user management tools.
Users must be created through currently supported methods to take advantage of company single sign-on integration. Company single sign-on integration does not support auto-registration of users.
Users without accounts in the customer IdP will not be able to authenticate. For example, this can affect vendor relationships where today the vendor user has a Red Hat login within the customer’s Red Hat company account. Once company single sign-on is enabled, if the customer is not willing or able to allow the vendor user to have an account in the customer IdP, the vendor user will no longer be able to log in.
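The offboarding gap and the vendor case described above can be checked with a periodic reconciliation. This is an added example, not part of the Red Hat documentation or tooling. It flags Red Hat logins that are still active after the matching company IdP account was disabled, and active logins with no IdP account at all. The CSV exports, their column names, and matching the two systems by email are assumptions; the sample rows are constructed.

```python
import csv
import io

# Constructed sample exports. The column names and the idea of matching the two
# systems by email are assumptions, not a Red Hat or IdP export schema.
IDP_EXPORT = """email,idp_status
alice@example.com,active
bob@example.com,disabled
"""

# One email may map to several Red Hat logins, so the Red Hat side is keyed by login.
REDHAT_EXPORT = """login,email,status
alice-rh,alice@example.com,active
bob-rh,bob@example.com,active
bob-lab,bob@example.com,active
carol-rh,carol@example.com,deactivated
vendor-rh,vendor@partner.example,active
"""


def load(text):
    """Parse a CSV export into a list of dict rows."""
    return list(csv.DictReader(io.StringIO(text)))


def reconcile(idp_rows, redhat_rows):
    """Return (still_active, no_idp_account) as sorted lists of Red Hat logins."""
    idp = {r["email"].strip().lower(): r["idp_status"].strip().lower()
           for r in idp_rows}
    still_active, no_idp_account = [], []
    for row in redhat_rows:
        if row["status"].strip().lower() != "active":
            continue  # already deactivated in user management
        state = idp.get(row["email"].strip().lower())
        if state is None:
            no_idp_account.append(row["login"])  # cannot log in through company SSO
        elif state != "active":
            still_active.append(row["login"])  # IdP revoked, Red Hat login still live
    return sorted(still_active), sorted(no_idp_account)


if __name__ == "__main__":
    stale, unmapped = reconcile(load(IDP_EXPORT), load(REDHAT_EXPORT))
    print("Deactivate in user management:", stale)
    print("No company IdP account:", unmapped)
```

Logins in the first list are the ones an Organization Administrator would deactivate in user management; logins in the second list would lose access once company single sign-on is enabled.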
Chapter 2. Using the Red Hat company single sign-on feature
You can use your company single sign-on to log in to your Red Hat account.
If your corporate Red Hat account is not set up to use company single sign-on, you can use your Red Hat account with your Red Hat login and password.
2.1. Logging in to your Red Hat account with company single sign-on
The following procedures describe different ways to log in to your Red Hat account depending on how your company single sign-on integration is set up.
If you previously used a social login to log in to your Red Hat account, you will see an error message when company single sign-on (SSO) is enabled for your organization. A message appears on your Red Hat account screen:
Log in with company single sign-on. Company single sign-on is required to access your account.
Click the link Log in with company single sign-on to continue.
- If company single sign-on integration is not yet enabled, you can log in to your Red Hat account. See Section 2.2, “Logging in when company SSO integration is not enabled”.
- First-time login to your Red Hat account when company single sign-on is enabled. See Section 2.3, “Linking your Red Hat account to your company SSO user”.
- Log in to your Red Hat account when company single sign-on is enabled. See Section 2.4, “Logging in with a company SSO user account”.
- Log in to your Red Hat account when your user email is associated with company single sign-on enabled and other non-enabled accounts. See Section 2.5, “Logging in when an email is used with company SSO and non-SSO accounts”.
- Log in to your Red Hat account when your user email is associated with more than one company single sign-on account. See Section 2.6, “Logging in when email is used on multiple SSO accounts”.
- Change which SSO login account you are linked to. See Section 2.7, “Unlinking and linking your Red Hat company SSO account”.
Because Red Hat provides multiple starting points to log in to your account, for consistency the following login procedures all begin at access.redhat.com.
2.2. Logging in when company SSO integration is not enabled
Use your email or your Red Hat login to log in to your Red Hat account when it is not set up to use company single sign-on (SSO) integration. This is the default instance.
Prerequisites
- You have a registered Red Hat user account.
- Your Red Hat company account is not set up to use company SSO integration.
Procedure
- Use your browser to navigate to access.redhat.com
- Enter your email or your Red Hat login.
- Enter your Red Hat password.
Verification
After a successful login, the avatar that is associated with your user account appears in the navigation bar in place of the login icon. Click the avatar for additional account information.
2.3. Linking your Red Hat account to your company SSO user
Use your email or your Red Hat login to log in to your Red Hat account when it is enabled to use company single sign-on (SSO) integration. The first time you log in, you must link your Red Hat account to your company SSO account.
Prerequisites
- You have a registered Red Hat user account.
- Your company account is set up to use company SSO integration.
- Your Red Hat user account is not yet linked to your company SSO user.
This procedure is only required the first time that you authenticate, which is when Red Hat initially detects that your Red Hat company account has single sign-on (SSO) integration enabled.
Procedure
- Use your browser to navigate to access.redhat.com
- Enter your Red Hat login or email registered to your Red Hat account.
  Your company single sign-on login appears.
- Enter your company username and password credentials.
  A message appears for the next step, One-time account linking required.
- Enter your Red Hat account password.
- Click the Link account button.
Verification
After a successful login, the avatar that is associated with your user account appears in the navigation bar in place of the login icon. Click the avatar for additional account information.
If the linking action fails, check that the Red Hat login and password are correct and are associated with the corporate account connected to your company SSO.
2.4. Logging in with a company SSO user account
Use your email or your Red Hat login to log in to your Red Hat account when it is enabled to use company single sign-on (SSO) integration.
Prerequisites
- You have a registered Red Hat user account.
- Your Red Hat company account is set up to use company SSO integration.
Procedure
- Use your browser to navigate to access.redhat.com
- Enter your Red Hat login or email registered to your Red Hat account.
  The company SSO login page appears.
- Enter your company username and password credentials.
  This is the same information you use to log in to your company network, which also provides access to your Red Hat account.
Verification
After a successful login, the avatar that is associated with your user account appears in the navigation bar in place of the login icon. Click the avatar for additional account information.
2.5. Logging in when an email is used with company SSO and non-SSO accounts
Use a single email to log in to Red Hat user accounts that include accounts that use company SSO integration and accounts that do not.
Red Hat allows a single email to be associated with more than one account. However, each Red Hat login must be unique. When a single email is used with multiple user accounts, some user accounts might be associated with a company SSO integration and others might not.
The Red Hat login determines which login access method is provided.
Prerequisites
- You have an email registered with more than one Red Hat user account.
- One account (or more) has company SSO integration enabled.
- One account (or more) does not have SSO integration enabled.
Procedure
- Use your browser to navigate to sso.redhat.com
- Enter the email registered to your Red Hat account.
  Note: To choose whether company single sign-on or Red Hat account is your login method when the login page appears, select either of the following steps.
- To choose company single sign-on login method, click the company single sign-on button.
  - A company single sign-on page appears.
  - Enter the username and password associated with your company single sign-on.
- To choose a Red Hat non-SSO login method, click the Red Hat account button.
  - A Red Hat login page appears.
  - Enter the password associated with your Red Hat user account.
Verification
After a successful login, the avatar that is associated with your user account appears in the navigation bar in place of the login icon. Click the avatar for additional account information.
2.6. Logging in when email is used on multiple SSO accounts
You can use one email for multiple accounts. When you do so, you must use your login and not your email to log in to your account.
Prerequisites
- You have more than one registered Red Hat user account associated with a single email, and these user accounts span different Red Hat company accounts.
- Your Red Hat company accounts are set up to use company SSO integration and those company accounts use different identity providers.
Procedure
- Use your browser to navigate to access.redhat.com
- Enter your Red Hat email registered to your Red Hat accounts.
  An information panel appears: Email address associated with multiple logins. To access your account, use your login instead.
- Enter the login registered to the account you wish to use.
  The customer SSO login page appears for the selected login.
- Enter your company username and password credentials.
Verification
After a successful login, the avatar that is associated with your user account appears in the navigation bar in place of the login icon. Click the avatar for additional account information.
2.7. Unlinking and linking your Red Hat company SSO account
If you link your Red Hat user account to an incorrect company SSO account, or you link the wrong Red Hat user account to the SSO account, you can unlink it and then link to the correct SSO account. For example:
- You linked your Red Hat user account to Company A but you want to change it to Company B.
- You linked Red Hat user account X to a company SSO but you want to change to Red Hat user account Y.
A Red Hat user can only be linked to one user per external Identity Provider (IdP). Two external accounts from the same IdP cannot link to the same Red Hat user.
Prerequisites
- You have a registered Red Hat user account.
- Your Red Hat company account is set up to use company SSO integration.
- You incorrectly linked your Red Hat user account and company SSO account.
Procedure
- Use your browser to navigate to access.redhat.com
  Tip: As a shortcut, navigate directly to Linked accounts.
- Click your user avatar in the upper right corner of the page.
  - Click Account details. A page opens where you can edit your account information.
  - If you log in through Red Hat Hybrid Cloud Console, click My profile under your user avatar to edit your account information.
- Click the Login & password link.
- On the Login & password page, click Manage connected accounts.
  The Linked accounts tab opens on the Account security page and you can view the identity provider account currently connected to your Red Hat account.
- Click the Unlink button to unlink your Red Hat user account.
  A message is displayed when the identity provider link is successfully removed. Your account is no longer linked.
- Restart the linking process with the correct Red Hat user account and company SSO account.
  See Section 2.3, “Linking your Red Hat account to your company SSO user”.
Chapter 3. Reference
Term | Definition |
---|---|
Federated identity | An electronic identity linked across multiple distinct identity management systems. See the Wikipedia Federated identity reference. |
IdP | Identity provider. See the Wikipedia Identity provider reference. |
SSO | Single sign-on. True single sign-on allows the user to log in once and access services without re-entering authentication factors. See the Wikipedia Single_sign-on reference. |