Using company single sign-on integration
Using company single sign-on credentials to access your Red Hat account
Abstract
Preface
The company SSO integration feature allows you to log in to your Red Hat account by using your company login credentials instead of your Red Hat account credentials.
Making open source more inclusive
Red Hat is committed to replacing problematic language in our code, documentation, and web properties. We are beginning with these four terms: master, slave, blacklist, and whitelist. Because of the enormity of this endeavor, these changes will be implemented gradually over several upcoming releases. For more details, see our CTO Chris Wright’s message.
Chapter 1. The company single sign-on feature
The company SSO feature integrates your company SSO with Red Hat SSO. This integration allows existing Red Hat users to authenticate to Red Hat with their company SSO credentials.
You can integrate your identity provider by using the self-service identity provider integration support, as described in Configuring Identity Provider Integration in the Red Hat Hybrid Cloud Console Documentation.
Self-service integration is supported for the following Red Hat account types:
- A Red Hat Corporate account type. Personal account types are not supported.
- Accounts with an active, non-evaluation subscription.
- Approved Red Hat partner accounts.
1.1. What is company single sign-on?
Company single sign-on is an integration between the Red Hat single sign-on system and your organization’s identity provider (IdP). This type of integration is commonly known as “3rd party IdP” or “federated IdP.” It enables users in your organization with existing Red Hat logins to sign in to Red Hat services and applications that use sso.redhat.com for authentication, such as Customer Portal, Hybrid Cloud Console, and training-lms.redhat.com, by using their company SSO login credentials. These are the same credentials they use to access their company’s internal apps and resources. Any Red Hat website, app, or service using sso.redhat.com for authentication is accessible through company single sign-on integration.
1.2. Benefits of the Red Hat company single sign-on integration
Organization Administrators can use this feature for compliance and security reasons because authentication security protocols for Red Hat services can be managed directly by the organization by means of the authentication requirements of its own single sign-on system. Using the company single sign-on feature provides a better authentication user experience for end users. End users themselves can maintain one less set of login credentials.
Currently, company single sign-on integration has the following scope:
- Link one company IdP with one Red Hat organization account.
- Link one company user identity with one Red Hat user identity.
- Use corporate SSO/IdP to authenticate to the Red Hat Customer Portal or any Red Hat application with a web-based authentication flow which uses sso.redhat.com.
- OpenID Connect (OIDC) is supported.
- Security Assertion Markup Language (SAML) is supported.
1.3. Limitations of the Red Hat company single sign-on integration
When you integrate your identity provider (IdP) or single sign-on (SSO) with the Red Hat single sign-on to create a federated SSO, any user who cannot authenticate to your SSO also cannot authenticate to any Red Hat service with a web-based authentication flow. This includes frequently used services such as Red Hat Customer Portal, Red Hat Hybrid Cloud Console, Red Hat Training, and more.
A limited number of Red Hat services do not use web-based authentication; these services are not compatible with federated single sign-on. This means you can revoke a user’s corporate customer IdP credentials, but they can still use their Red Hat account username and password to authenticate to Red Hat services that bypass web-based authentication.
To remove access to all Red Hat services, the Organization Administrator must use the user management tool to deactivate a Red Hat user account. A deactivated account can no longer be used to access any Red Hat service.
Users must be created through currently supported methods to take advantage of company single sign-on integration. Company single sign-on integration does not support auto-registration of users.
Users without accounts in the customer IdP will not be able to authenticate. For example, this can affect vendor relationships where today the vendor user has a Red Hat login within the customer’s Red Hat company account. Once company single sign-on is enabled, if the customer is not willing or able to allow the vendor user to have an account in the customer IdP, the vendor user will no longer be able to log in.
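The two access gaps described in this section (revoked IdP users whose Red Hat account is still active, and Red Hat users with no IdP account) can be checked before and after enabling company SSO. The following is an added example, not part of the Red Hat documentation or tooling; the CSV column names, the sample rows, and matching users by email address are all assumptions made for illustration.

```python
import csv
import io

# Constructed sample exports; the column names are assumptions, not a Red Hat or IdP format.
REDHAT_USERS = """login,email,status
alice,alice@example.com,active
bob,bob@example.com,active
carol,carol@example.com,deactivated
vendor1,v1@vendor.example,active
dave,dave@example.com,active
"""
IDP_USERS = """email,enabled
alice@example.com,true
bob@example.com,false
carol@example.com,false
dave@example.com,true
"""

def load(text):
    """Parse a CSV export into a list of dict rows."""
    return list(csv.DictReader(io.StringIO(text)))

def reconcile(redhat_rows, idp_rows):
    """Classify each active Red Hat login against the company IdP."""
    idp = {r["email"].strip().lower(): r["enabled"].strip().lower() == "true"
           for r in idp_rows}
    findings = {"residual_access": [], "web_lockout": [], "ok": []}
    for row in redhat_rows:
        if row["status"].strip().lower() != "active":
            continue  # a deactivated account cannot access any Red Hat service
        email = row["email"].strip().lower()
        if email not in idp:
            # No IdP account: web-based login fails once company SSO is enabled
            # (the vendor-user case described above).
            findings["web_lockout"].append(row["login"])
        elif not idp[email]:
            # IdP credentials revoked, Red Hat account still active: the Red Hat
            # username and password still work on services without web-based auth.
            findings["residual_access"].append(row["login"])
        else:
            findings["ok"].append(row["login"])
    return findings

if __name__ == "__main__":
    for category, logins in reconcile(load(REDHAT_USERS), load(IDP_USERS)).items():
        print(f"{category}: {', '.join(logins) or '-'}")
```

Logins reported under residual_access are candidates for deactivation by the Organization Administrator in the user management tool.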
Chapter 2. Using the Red Hat company single sign-on feature
You can use your company single sign-on to log in to your Red Hat account. For information on how to configure your identity provider integration, see Configuring Identity Provider Integration in Red Hat Hybrid Cloud Console Documentation.
If your corporate Red Hat account is not set up to use company single sign-on, you can use your Red Hat account with your Red Hat login and password.
2.1. Logging in to your Red Hat account with company single sign-on
The following procedures describe different ways to log in to your Red Hat account depending on how your company single sign-on integration is set up.
If you previously used a social login to log in to your Red Hat account, you will see an error message when company single sign-on (SSO) is enabled for your organization. A message appears on your Red Hat account screen:
Log in with company single sign-on. Company single sign-on is required to access your account.
Click the Log in with company single sign-on link to continue.
- If company single sign-on integration is not yet enabled, you can log in to your Red Hat account.
  Section 2.2, “Logging in when company SSO integration is not enabled”
- First-time login to your Red Hat account when company single sign-on is enabled.
  Section 2.3, “Linking your Red Hat account to your company SSO user”
- Log in to your Red Hat account when company single sign-on is enabled.
  Section 2.4, “Logging in with a company SSO user account”
- Change which SSO login account you are linked to.
  Section 2.5, “Unlinking and linking your Red Hat company SSO account”
Because Red Hat provides multiple starting points to log in to your account, for consistency the following login procedures all begin at access.redhat.com.
2.2. Logging in when company SSO integration is not enabled
Use your Red Hat login to log in to your Red Hat account when it is not set up to use company single sign-on (SSO) integration. This is the default instance.
Prerequisites
- You have a registered Red Hat user account.
- Your Red Hat company account is not set up to use company SSO integration.
Procedure
- Use your browser to navigate to access.redhat.com
- Enter your Red Hat login.
- Enter your Red Hat password.
Verification
After a successful login, the avatar that is associated with your user account appears in the navigation bar in place of the login icon. Click the avatar for additional account information.
2.3. Linking your Red Hat account to your company SSO user
Use your Red Hat login to log in to your Red Hat account when it is enabled to use company single sign-on (SSO) integration. The first time you log in, you must link your Red Hat account to your company SSO account.
Prerequisites
- You have a registered Red Hat user account.
- Your company account is set up to use company SSO integration.
- Your Red Hat user account is not yet linked to your company SSO user.
This procedure is only required the first time that you authenticate, which is when Red Hat initially detects that your Red Hat company account has single sign-on (SSO) integration enabled.
Procedure
- Use your browser to navigate to access.redhat.com
- Enter your Red Hat login registered to your Red Hat account.
  Your company single sign-on login appears.
- Enter your company username and password credentials.
  A message appears for the next step, One-time account linking required.
- Enter your Red Hat account password.
- Click the Link account button.
Verification
After a successful login, the avatar that is associated with your user account appears in the navigation bar in place of the login icon. Click the avatar for additional account information.
If the linking action fails, check that the Red Hat login and password are correct and are associated with the corporate account connected to your company SSO.
2.4. Logging in with a company SSO user account
Use your Red Hat login to log in to your Red Hat account when it is enabled to use company single sign-on (SSO) integration.
Prerequisites
- You have a registered Red Hat user account.
- Your Red Hat company account is set up to use company SSO integration.
Procedure
- Use your browser to navigate to access.redhat.com
- Enter your Red Hat login registered to your Red Hat account.
  The company SSO login page appears.
- Enter your company username and password credentials.
  This is the same information you use to log in to your company network, which also provides access to your Red Hat account.
Verification
After a successful login, the avatar that is associated with your user account appears in the navigation bar in place of the login icon. Click the avatar for additional account information.
2.5. Unlinking and linking your Red Hat company SSO account
If you link your Red Hat user account to an incorrect company SSO account, or you link the wrong Red Hat user account to the SSO account, you can unlink and then link to the correct SSO account. For example:
- You linked your Red Hat user account to Company A but you want to change it to Company B.
- You linked Red Hat user account X to a company SSO but you want to change to Red Hat user account Y.
A Red Hat user can only be linked to one user per external Identity Provider (IdP). Two external accounts from the same IdP cannot link to the same Red Hat user.
Prerequisites
- You have a registered Red Hat user account.
- Your Red Hat company account is set up to use company SSO integration.
- You incorrectly linked your Red Hat user account and company SSO account.
Procedure
- Use your browser to navigate to access.redhat.com
  Tip: As a shortcut, navigate directly to Linked accounts.
- Click your user avatar in the upper right corner of the page.
  - Click Account details. A page opens where you can edit your account information.
  - If you log in through Red Hat Hybrid Cloud Console, click My profile under your user avatar to edit your account information.
- Click the Login & password link.
- On the Login & password page, click Manage connected accounts.
  The Linked accounts tab opens on the Account security page and you can view the identity provider account currently connected to your Red Hat account.
- Click the Unlink button to unlink your Red Hat user account.
  A message is displayed when the identity provider link is successfully removed. Your account is no longer linked.
- Restart the linking process with the correct Red Hat user account and company SSO account.
  Section 2.3, “Linking your Red Hat account to your company SSO user”
Chapter 3. Reference
| Term | Definition |
|---|---|
| Federated identity | An electronic identity linked across multiple distinct identity management systems. See the Wikipedia Federated identity reference. |
| IdP | Identity provider. See the Wikipedia Identity provider reference. |
| SSO | Single sign-on. True single sign-on allows the user to log in once and access services without re-entering authentication factors. See the Wikipedia Single_sign-on reference. |