Log inSign up

Configure IAM Federation

As an organization, to begin using Identity Provider (IDP) to log in to the DCD, follow these steps:

1

Request Domain Ownership

1. Using the API, the organization must request domain ownership. This domain ownership establishes a connection between the organization and its IDP.

2. The organization must Create a TXT Domain Record using the token value provided in the Request Domain Ownership API.

Note: IONOS Cloud performs the verification and approval process after you manually trigger it using the Verify Domain Ownership API. Upon successful domain ownership validation, IONOS Cloud will proceed with the IAM Federation configuration for your organization. The duration of this process ranges from a few seconds to up to a week, depending on your domain provider.

2

Onboard Identity Provider

Prerequisites:

  • The domain ownership must be successfully verified and approved by IONOS Cloud.

  • IONOS Cloud accepts SAML 2.0 or OpenID Connect (OIDC) identity providers. Hence, your IDP must be either of these two types.

1. Onboard the organization IDP. To do so, Create Identity Provider using the API.

2. Depending on the IDP type, you must provide the following details to IONOS Cloud:

Info: You can find these details in the discovery endpoint. For more information, see Discovery endpoint.

  • client_id: Your OIDC client ID.

  • client_secret: The client secret key.

3

Configuration from IONOS Cloud

  • Upon receipt of the discovery endpoint from the organization, IONOS Cloud performs the following actions:

    • Verifies the domain ownership.

    • Verifies the discovery endpoint.

    • Creates the IDP using the configuration in the discovery endpoint.

    • Links the IDP to the domain to be used by the user accounts in that domain.

Result: The organization IDP is successfully onboarded to IONOS Cloud.

Discovery endpoint

From the OIDC discovery endpoint, the following details are considered to configure the IAM Federation by IONOS Cloud:

  • issuer: The URL of the OIDC issuer.

  • authorization_endpoint: The URL of the authorization endpoint.

  • token_endpoint: The URL of the token endpoint.

  • userinfo_endpoint: The URL of the user info endpoint.

  • jwks_uri: The URL of the JSON Web Key Set (JWKS).

  • client_id: The client ID of the OIDC client.

  • client_secret: The client secret of the OIDC client.

For more information on the OIDC discovery endpoint, refer to the OpenID Connect 1.0 Documentation.

PreviousSet User PrivilegesNextCreate a TXT Domain Record

Last updated

Was this helpful?