External Identity Provider | Getting Started

Customers subscribing to Cirrus External Identity Provider will have an instance provisioned during customer on-boarding.

Customers often subscribe to one or more additional Cirrus Identity modules to support desired implementations. Customers often configure the External Identity Provider, alongside other Cirrus solutions such as the Cirrus Gateway, Cirrus Identity Provider Proxy, Cirrus Account Linking, and/or Cirrus Invitation.

The following are the steps needed to get started using Cirrus External Identity Provider:

  1. Customers should take a moment and think about their External IdP deployment. Cirrus Identity can offer generally accepted practices, customer stories, and professional services to help. Reviewing the questions covered by the Cirrus External Identity Provider | Planning Steps is a good first step:

    • Who is the target audience?

    • What is/are the Service Providers that will be accessed?

    • How will password reset be handled?

    • How will this identity provider be branded?

  2. Depending on the customer, Cirrus will provision other modules based on the customer’s subscription (or trial/PoC agreement). Modules such as Cirrus Gateway, Cirrus Identity Provider Proxy, and Cirrus Invitation each have associated setup. See the “Getting Started” for each module as appropriate:

  3. If there is a service provider (SP) that will use the External IdP, but the metadata for the SP is not published to federation metadata (for example InCommon or eduGAIN), the metadata needs to be sent to Cirrus Identity Support (support@cirrusidentity.com) for configuration. Additionally, if there is an SP with special attribute requirements, regardless where the metadata is published, that also needs to be communicated to Cirrus Identity Support.

  4. A member of the organization needs to have access to the Cirrus Console and to be granted the “Organization Administrator” (org admin) role for your organization. (See Cirrus Console Getting Started)

  5. Before the External IdP can be completely setup, an “Organization Administrator” must complete the setup of the customer organization’s user interface.

  6. Cirrus Identity will provide a URL so that customers can download the metadata for the External IdP. This will need to be added to any service providers (other than Cirrus Identity Provider Proxies) that need to leverage the External IdP.

Once these steps are complete, you are ready to add the External IdP to the configurations of other Cirrus Modules.