Cloud Academy and QA are in the process of changing our authentication provider, which will require accounts currently using SSO to update their SSO configuration. This article describes how the new authentication is different and the changes you need to make.
We have provided a wizard to simplify the update process, and the changes take only a few minutes.
This article is intended for enterprise admins who are familiar with the current SSO configuration. This article contains the following sections:
- Why Change Authentication Providers
- How This Change Affects Users
- What You Need to Do
- Timeline for the Change
- Want Some Help?
Why Change Authentication Providers
This change offers several benefits:
- It makes all parts of the authentication experience better, from registering to logging in all the way down to the process you go through if you forget your password.
- It opens up the opportunities to implement advanced features like multi-factor authentication and more social login options.
- It allows us to keep up with the ever-evolving security demands of an online product.
How This Change Affects Users
From the end-user's point of view, the authentication provider change isn't entirely invisible, but the differences are small and make the experience simpler and more intuitive. Most aspects of the change in authentication providers have already been released to your users.
For example, one change was introduced a couple months ago when SSO users started being able to type their email address directly into the login screen without needing to click a Log in with SSO link first.
What You Need to Do
As part of this change, we have published a new service provider for the SSO. Since the service provider is changing, all the services that depend on the legacy system will no longer function after December 31, 2021. You need to configure a new service provider for your SSO to continue to work.
We built a wizard to help you make the change. The wizard takes you through the process of setting up a new application with the specified parameters.
All the administrators in your account will see the wizard on the Settings screen. Once any administrator in your account finishes the wizard, the message will stop appearing for everyone. This process needs to be done only once per account.
When you click Update your settings, the wizard appears:
Click Get started and the first step appears telling you to make sure you have access to your SSO provider:
Once you're logged in to your SSO provider, click I'm logged in. The screen with the information you need to create a new SAML application appears:
You use the information on this screen to create a new SAML application in your SSO provider software. Note: If your SSO provider supports generating an app from an XML file, you can click the XML file link to download it.
Important: After the app is created, make sure to verify that the right users and groups are assigned to that app or they may be unable to log in to Cloud Academy. Similarly, you should replicate the attribute mapping from your old app. You should clone your existing settings so they are exactly the same.
Once you've finished creating the new SAML application, click I've created the SAML application. You are NOT applying the change at this point! The next step is to double-check IDP information.
The system populates the Login URL and certificate values with the existing information from your SSO, but those values could require updates depending on the SSO software you use. When you have the values set correctly, click Confirm settings.
Click Test Configuration to test the configuration. Important: This test lets you ensure that your configuration is working properly.
The same step appears with new buttons:
- If you are not able to log in, click Go back to the settings and look for errors in the configuration. Contact Customer Support if you cannot find the error.
- If you can log in successfully, click The test was successful and the step to apply the changes appears:
Click Apply changes. This time, you really ARE applying the changes, so make sure you’re ready before you click.
The success screen appears:
Congratulations on your success! Thank you for helping us with this improvement.
Timeline for the Change
The grace period for when your account will be changed to the new authentication provider ends December 31, 2021. If you do not complete the wizard by that date, your users won't be able to log in to your account.
Note: We'll be in contact to remind you as that date approaches!
Want Some Help?
We're happy to walk you through this process. Drop a line to your Customer Success Manager or firstname.lastname@example.org and we'll set up a time to complete the process together.