Ce contenu n'est pas disponible dans la langue sélectionnée.
Chapter 1. The company single sign-on feature
The company SSO feature integrates your company SSO with Red Hat SSO. This integration allows existing Red Hat users to authenticate to Red Hat with their company SSO credentials.
Company single sign-on is not a self-service feature. Contact your Red Hat account team to learn more about how to enable this service for your company.
1.1. What is company single sign-on?
Company single sign-on is an integration between the Red Hat single sign-on system and your organization’s identity provider (IdP). This type of integration is commonly known as “3rd party IdP” or “federated IdP.” It enables users in your organization with existing Red Hat logins to sign into Red Hat services and applications that use sso.redhat.com for authentication, such as Customer Portal, Hybrid Cloud Console, and training-lms.redhat.com using their company SSO login credentials - the same credentials they use to access their company’s internal apps and resources. Any Red Hat website, app, or service using sso.redhat.com for authentication is accessible through company single sign-on integration.
1.2. Benefits of the Red Hat company single sign-on integration
Organization Administrators can use this feature for compliance and security reasons because authentication security protocols for Red Hat services can be managed directly by the organization by means of the authentication requirements of its own single sign-on system. Using the company single sign-on feature provides a better authentication user experience for end users. End users themselves can maintain one less set of login credentials.
Currently, company single sign-on integration has the following scope:
- Link one company IdP with one Red Hat organization account.
- Link one company user identity with one Red Hat user identity.
- Use corporate SSO/IdP to authenticate to the Red Hat Customer Portal or any Red Hat application with a web-based authentication flow which uses sso.redhat.com.
- OpenID Connect (OIDC) is supported.
- Security Assertion Markup Language (SAML) is supported.
1.3. Limitations of the Red Hat company single sign-on integration
Some Red Hat services are not compatible with single sign-on integration. This means that you can revoke a user’s corporate IdP credentials, but the username and password can still be used to authenticate to some Red Hat services. To completely remove a user’s access to all Red Hat services, you must use the user management tool to deactivate the user account. A deactivated account can no longer be used to access Red Hat services.
User management is available by clicking your account avatar to open the account information page. You must be an Organization Administrator to use the user management tools.
Users must be created through currently supported methods to take advantage of company single sign-on integration. Company single sign-on integration does not support auto-registration of users.
Users without accounts in the customer IdP will not be able to authenticate. For example, this can affect vendor relationships where today the vendor user has a Red Hat login within the customer’s Red Hat company account. Once company single sign-on is enabled, if the customer is not willing or able to allow the vendor user to have an account in the customer IdP, the vendor user will no longer be able to log in.