CloudLock

With Privileged Access Service, you can choose single-sign-on (SSO) access to the CloudLock web application with IdP-initiated SAML SSO (for SSO access through the Admin Portal) or SP-initiated SAML SSO (for SSO access directly through the CloudLock web application) or both. Providing both methods gives you and your users maximum flexibility.

If CloudLock is the first application you are configuring for SSO through Privileged Access Service, read these topics before you get started:

CloudLock SSO requirements

Before you configure the CloudLock web application for SSO, you need the following:

  • An active CloudLock account with administrator rights for your organization.

  • An Assertion Consumer Service URL from CloudLock.

  • A signed certificate. You can either download one from Admin Portal or use your organization’s trusted certificate.

Adding and configuring CloudLock in Admin Portal

Tip: It is helpful to open Centrify Admin Portal Application Settings and the CloudLock web application simultaneously to copy and paste content between the two browser windows. For information on how to access the CloudLock web application, see Configuring CloudLock for SSO.

Configuring CloudLock for SSO

The following steps are specific to the CloudLock application and are required in order to enable SSO for CloudLock. For information on optional Centrify Admin Portal configuration settings that you may wish to customize for your app, see Optional configuration settings.

For more information about CloudLock

For more information about configuring CloudLock for SSO, contact CloudLock Support.

CloudLock specifications

Each SAML application is different. The following table lists features and functionality specific to CloudLock.

| Capability | Supported? | Support details |
|---|---|---|
| Web browser client | Yes | |
| Mobile client | No | |
| SAML 2.0 | Yes | |
| SP-initiated SSO | Yes | Users may go directly to the CloudLock URL and then use the Privileged Access Service SSO to authenticate. |
| IdP-initiated SSO | Yes | Users may use SSO to log in to CloudLock through the Admin Portal. |
| Force user login via SAML only | No | |
| Separate administrator login after SSO is enabled | No | |
| User or Administrator account lockout risk | No | Users can log in using other SSO methods, such as Office365. |
| Automatic user provisioning | No | |
| Multiple User types | Yes | |
| Self-service password | No | |
| Access restriction using a corporate IP range | Yes | You can specify an IP Range in the Admin Portal Policy page to restrict access to the application. |