
June 18, 2021

Single Sign-On Using Your Own Identity Provider

Security is key when handling data and systems. Many companies have established detailed compliance specifications for this purpose. At the same time, security measures – in particular the increasing number of passwords – are often seen as cumbersome by employees. Linking our cloud control panel to your own identity provider gives you a double advantage: your employees will benefit from increased convenience in their day-to-day work with our cloud thanks to single sign-on, while you can be sure that the security standards you have defined also apply when accessing our control panel.

More control in day-to-day cloud business

With the recently introduced "organizations", companies and other groups can manage cooperation around their cloud resources. As a superuser, you can invite any cloudscale.ch accounts into your organization and grant them read-only or full access on a project-by-project basis. People who already have an account at cloudscale.ch – e.g. for private use – can continue to use it and will then additionally see the resources of your organization.

It may be that as a company, you prefer your employees to use a separate account associated with their business email address instead. In this case, you can additionally choose to link your own "OpenID Connect"-compatible identity provider ("IDP"), such as Keycloak or ZITADEL, to our cloud control panel. During a signup or login attempt with an address from your email domain, the user is then redirected to your IDP. Once authenticated in accordance with the specifications of your IDP, they are returned to our control panel, where they are also logged in.

Tips on using your IDP at cloudscale.ch

  • Two-factor authentication ("2FA") is an important security feature. In our control panel, you can see for each "member" of your organization whether 2FA is enabled for the account in question or not. By logging your members into our control panel via your own IDP, you can also technically enforce 2FA, if required, which will save you from having to perform periodic checks and give you the certainty that this additional layer of security is in place at all times.
  • To simplify onboarding, an email pattern can be stored for every organization on request. Newly created accounts matching this pattern will then be automatically added as a member of the organization in question.
  • It is easy for you to define directly in your IDP whether a certain person is actually authorized to log into our control panel. This will also enable you to maintain control when employees join or leave your company.
  • If you operate your IDP in our cloud, make sure that you can still take the required repair measures if it fails. We therefore recommend that you include a superuser in your organization who does not depend on the same IDP. Another option is an IDP setup with automatic failover.

Our support team is happy to help if you would like to link your IDP or if you have further questions.

Convenience even without your own IDP – login with GitHub

Even if you do not have your own IDP, a further login option is now available. If you would like to log into our control panel with GitHub rather than a password, simply click on "Continue with GitHub" when you sign up and during future logins. The primary email address registered at GitHub is associated with your cloudscale.ch account and serves as the contact address for our communication with you. Please note that, in this case, logging into our control panel depends on the availability of GitHub and your account there.

With existing accounts, it is currently not possible to switch between GitHub-based and password-based logins. Our support team is happy to help if you already have an account and would like to move existing projects to a new account with a different login procedure.

 

Single sign-on solutions mean that users require fewer different passwords and have to enter them less frequently. This also reduces the temptation to select weak passwords that increase risk exposure. By linking our cloud control panel to your existing IDP, you will make work easier for your employees while simultaneously increasing security for your company and customers.

Creating trust,
Your cloudscale.ch team
