Entra ID

Requirements

  • Linux Control Center = 2.12.X or higher

  • Pre-configured Single Sign-On (SSO) Provider

Overview

Linux Control Center allows you to configure a Single Sign-On (SSO) provider for the Console, offering secure and convenient access. LCC supports authentication via LDAP and SAML.

  • See the image representing the authentication flow.

Objective

The objective of this document is to provide a step-by-step guide to configure an access provider to the LCC Console using a SAML provider.

Microsoft Entra ID Configuration

  1. Access the Entra ID platform in your environment and go to Applications. Select App Registrations and click New Registration.

  2. Define a name for the application and choose the type of Microsoft Entra ID account that will have permission to access LCC.

  3. Define the scope of access to the application as desired.

  4. Click Register.

SAML Provider Configuration

Registering the Provider in LCC

  1. Click Config in the left menu of LCC.

  2. Click Provider.

  3. Click SAML.

  4. Click Create.

  5. Fill in the required fields as follows:

  • Name: This will be the name of the provider button on the LCC login screen.

  • Entity ID: Enter the ID of the application created in Microsoft Entra ID.

  • IDP Metadata URL: Enter the Authority URL from the Entra ID application.

  • IDP Metadata Data: Enter the metadata URL from your Identity Provider.

  1. To obtain the IDP URL information from Microsoft Entra ID, go to the Overview page of the application and click Endpoints.

  • Copy the SAML-P Sign-on Endpoint and paste it into the IDP Metadata URL field.

  1. Click Select an Icon and choose the login button icon for the provider that will appear on the LCC Console login screen. You can also upload a custom icon using a Base64 string.

  2. Click Next.

  3. Fill in the User Identifier Attribute field. This defines the user from the Identity Provider responsible for validating authentication. You can define a key to validate the IDP response.

  4. Click Next again and select the options as needed.

  5. Click Save to create the provider in the LCC Console.

Registering the Endpoint in the IDP

Important: This step is crucial in configuring the identity provider. You must register the LCC endpoint in your Identity Provider so that LCC has permission to perform queries.

  1. Click on the Identity Provider you created and copy the Assertion Consumer Service URL. Paste it into the Redirect URL field in the Microsoft Entra ID application.

  2. Field configuration in Microsoft Entra ID.

Granting Permission to the Provider

  1. Click Config in the left menu.

  2. Click Authentication.

  3. Click the Providers tab, select the provider, and move it to the table on the right.

  4. Click Save to set the provider (e.g., Cisco Duo) as a valid authentication method.

Access with Identity Provider

  1. Log out from the current user and click the Identity Provider button you created. LCC will perform the query and read the SAML response to validate access to the Console.

PreviousCisco DuoNextAuthentication

Last updated