Red Hat Summit이 콘텐츠는 선택한 언어로 제공되지 않습니다.
Chapter 1. The company single sign-on feature
The company SSO feature integrates your company SSO with Red Hat SSO. This integration allows existing Red Hat users to authenticate to Red Hat with their company SSO credentials.
You can integrate your identity provider by using the self-service identity provider integration support as described in Configuring Identity Provider Integration. See Red Hat Hybrid Cloud Console Documentation.
Self-service integration is supported for the following Red Hat account types:
- A Red Hat Corporate account type. Personal account types are not supported.
- Accounts with an active, non-evaluation subscription.
- Approved Red Hat partner accounts.
1.1. What is company single sign-on?
Company single sign-on is an integration between the Red Hat single sign-on system and your organization’s identity provider (IdP). This type of integration is commonly known as “3rd party IdP” or “federated IdP.” It enables users in your organization with existing Red Hat logins to sign into Red Hat services and applications that use sso.redhat.com for authentication, such as Customer Portal, Hybrid Cloud Console, and training-lms.redhat.com using their company SSO login credentials - the same credentials they use to access their company’s internal apps and resources. Any Red Hat website, app, or service using sso.redhat.com for authentication is accessible through company single sign-on integration.
1.2. Benefits of the Red Hat company single sign-on integration
Organization Administrators can use this feature for compliance and security reasons because authentication security protocols for Red Hat services can be managed directly by the organization by means of the authentication requirements of its own single sign-on system. Using the company single sign-on feature provides a better authentication user experience for end users. End users themselves can maintain one less set of login credentials.
Currently, company single sign-on integration has the following scope:
- Link one company IdP with one Red Hat organization account.
- Link one company user identity with one Red Hat user identity.
- Use corporate SSO/IdP to authenticate to the Red Hat Customer Portal or any Red Hat application with a web-based authentication flow which uses sso.redhat.com.
- OpenID Connect (OIDC) is supported.
- Security Assertion Markup Language (SAML) is supported.
1.3. Limitations of the Red Hat company single sign-on integration
When you integrate your identity provider (IdP) or single sign-on (SSO) with the Red Hat single sign-on to create a federated SSO, any user who cannot authenticate your SSO also cannot authenticate to any Red Hat service with a web-based authentication flow. This includes frequently used services such as Red Hat Customer Portal, Red Hat Hybrid Cloud Console, Red Hat Training, and more.
A limited number of Red Hat services do not use web-based authentication; these services are not compatible with federated single sign-on. This means you can revoke a user’s corporate customer IdP credentials, but they can still use their Red Hat account username and password to authenticate to Red Hat services that bypass web-based authentication.
To remove access to all Red Hat services, the Organization Administrator must use the user management tool to deactivate a Red Hat user account. A deactivated account can no longer be used to access any Red Hat service.
Users must be created through currently supported methods to take advantage of company single sign-on integration. Company single sign-on integration does not support auto-registration of users.
Users without accounts in the customer IdP will not be able to authenticate. For example, this can affect vendor relationships where today the vendor user has a Red Hat login within the customer’s Red Hat company account. Once company single sign-on is enabled, if the customer is not willing or able to allow the vendor user to have an account in the customer IdP, the vendor user will no longer be able to log in.
