This configuration workflow explains how to enable single sign-on (SSO) for Qumulo Nexus from the perspective of a storage administrator who manages a Qumulo Nexus account and works together with a system administrator who manages your organization's identity provider (IdP).
Nexus IdP functionality is currently in private preview.
After the storage administrator performs the initial configuration in Nexus, the system administrator configures the IdP. Then, the storage administrator completes the SSO configuration in Nexus.
Prerequisites
-
Administrative access to your organization’s Nexus account
-
A subdomain for your organization
Step 1: Perform Initial Single Sign-On (SSO) Configuration in Qumulo Nexus
Before you ask a system administrator to configure the identity provider (IdP), you must perform the initial SSO configuration in Qumulo Nexus.
To Perform Initial SSO Configuration in Nexus
-
In the upper-right corner, click your username and then click Organization Settings.
-
On your organization’s page, click SAML SSO, and then click Configure SSO.
-
On the Configure SAML SSO page, enter a Nexus login subdomain and then click Save & Continue.
The Entity ID (your Nexus account’s unique identifier) and ACS URL (the Assertion Consumer Service URL that receives SAML responses) are displayed. For example:
https://mysubdomain.nexus.qumulo.com https://mysubdomain.nexus.qumulo.com/api/v1/auth/saml/acs/
Note
- Record these values for the next step.
- If the subdomain that you want to use is unavailable, choose another subdomain or contact the Qumulo Care team.
Step 2: Ask a System Administrator to Configure an Identity Provider (IdP) for Qumulo Nexus
After you perform the initial SSO configuration in Nexus, you must ask a system administrator in your organization to configure the IdP and then provide you with the IdP Metadata URL.
-
Provide your system administrator with the Entity ID (your Nexus account’s unique identifier) and ACS URL (the Assertion Consumer Service URL that receives SAML responses).
-
Ask the system administrator to perform the necessary configuration.
-
Receive the IdP Metadata URL from your system administrator. For example:
https://my-organization.idp-provider.com/app/abcd12e345fgHIJKLm678/sso/saml/metadata
Note
The format of the IdP Metadata URL depends on your organization’s IdP provider.
Step 3: Perform Final Single Sign-On (SSO) Configuration in Qumulo Nexus
After your system administrator configures the identity provider (IdP), you must perform the final SSO configuration in Qumulo Nexus by using the IdP Metadata URL .
-
In the upper-right corner, click your username and then click Organization Settings.
-
On your organization’s page, click SAML SSO, and then click Configure SSO.
-
On the Configure SAML SSO, enter the the IdP Metadata URL and then click Complete Configuration.
SAML SSO - Enabled is displayed.
Next Steps
After you perform the final SSO configuration, you can click Users and then add users to your Nexus account. Every user that you add has SSO enabled by default.