Mike Elissen

How to enable SSO with SAML for Luna Control Center?

Blog Post created by Mike Elissen Champion on Sep 8, 2017


You can use Single Sign-On (SSO) for Luna Control Center. With the SAML integration, your users can be logged in to Luna instantly.

 

Akamai provides customers with the option of configuring Single Sign-On to the Luna Control Center (the Service Provider) using the customer's own Identity Provider (IdP). The customer's IdP authenticates the user before access to Luna portal resources is allowed.

 

  

How does it work

 

1. First, an end user attempts to access Luna Control Center using a Service Provider (SP) initiated URL. (This URL is unique to every customer who has SAML SSO configured with the domain taking the form customer_name.luna-sp.com)

 

2. If the end user is not already authenticated, Luna Control Center redirects the end user to the customer's federated IdP for authentication.

 

3. The end user’s browser will now redirect to the Customer’s Identity Provider.

 

4. The IdP will now authenticate the end user and return a SAML response to the end user's browser. In accordance with the SAML 2.0 specification, this response is digitally signed with the IdP's private key.

 

5. Now, this response is forwarded to the Luna Control Center.

 

6. Luna Control Center will verify the response sent by the IdP using the IdP's public key. If the response is successfully verified, the end user gains access and is logged in to Luna Control Center.
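As an added illustration of step 6 (not Akamai's code and not from the original post), this Python example shows the checks a service provider typically applies to a SAML response alongside signature verification, and it goes beyond what the post describes. It assumes the XML signature has already been verified with the IdP's public key by an XML signature library; the entity IDs, URLs, request ID and function names are constructed placeholders.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"

# Constructed, trimmed sample; all values are placeholders and the
# <ds:Signature> element a real IdP adds is omitted.
SAMPLE = """<p:Response xmlns:p="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:a="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1"
 InResponseTo="_req42" Destination="https://sp.example.com/acs">
 <p:Status><p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></p:Status>
 <a:Assertion ID="_a1"><a:Issuer>https://idp.example.com</a:Issuer>
  <a:Conditions NotBefore="2017-09-08T10:00:00Z" NotOnOrAfter="2017-09-08T10:05:00Z">
   <a:AudienceRestriction><a:Audience>https://sp.example.com</a:Audience></a:AudienceRestriction>
  </a:Conditions>
 </a:Assertion>
</p:Response>"""

def ts(value):
    """Parse a SAML UTC timestamp such as 2017-09-08T10:00:00Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def check_response(xml_text, idp, sp_entity, acs_url, request_id, now):
    """Return the names of failed checks; an empty list means accept."""
    # Assumes the XML signature was already verified with the IdP's public key.
    root = ET.fromstring(xml_text)
    failed = []
    def require(name, ok):
        if not ok:
            failed.append(name)
    status = root.find("p:Status/p:StatusCode", NS)
    require("status", status is not None and status.get("Value") == SUCCESS)
    require("destination", root.get("Destination") == acs_url)         # sent to this SP
    require("in_response_to", root.get("InResponseTo") == request_id)  # answers our request
    assertions = root.findall("a:Assertion", NS)
    if len(assertions) != 1:               # exactly one assertion expected
        return failed + ["assertion_count"]
    cond = assertions[0].find("a:Conditions", NS)
    if cond is None:
        return failed + ["conditions"]
    require("issuer", assertions[0].findtext("a:Issuer", "", NS) == idp)
    audiences = [e.text for e in cond.findall("a:AudienceRestriction/a:Audience", NS)]
    require("audience", sp_entity in audiences)                        # issued for this SP
    nb, noa = cond.get("NotBefore"), cond.get("NotOnOrAfter")
    require("time_window", bool(nb and noa) and ts(nb) <= now < ts(noa))
    return failed
```

A response that passes signature verification but fails any of these checks (wrong audience, expired window, unknown request ID) should still be rejected.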

 

Configuring SAML SSO in the Luna Control Center

 

1. Log in to Luna Control Center.

 

2. Click on the "CONFIGURE" tab and click on "Manage SSO with SAML".


 

3. Click Create Identity Provider Configuration to create a new configuration.

 

4. Enter all of the information pertaining to your identity provider in the SSO provisioning application. The asterisks indicate the required fields, where you must enter information in order to successfully create and save a configuration.


 

5. Click Save to save the configuration. Your new configuration will be listed as "Saved" in the Current Status column.

 

6. Once you save the configuration, you can download the corresponding metadata file. This metadata file contains information required to configure your IdP. To download the metadata, click the corresponding gear icon and select Download from the drop-down menu.

 

7. Next, you can provision your configuration. To do that, click the gear icon and choose Provision from the drop-down menu. The current status will show progression from "Not Deployed" to "Pending Deployment" and finally to "Provisioned".

 

BONUS - What about the timeouts in LUNA?

By default, a Luna user can remain in a session without any activity for 4 hours. After this period, the user is required to log in again. An admin user can reconfigure this timeout value in the Luna Control Center, either at the account level or for individual users.

 

To change these values, go to Configure > Organization > Manage Users & Groups.

To change it at the account level, click on the pen icon next to the top-level group, then pick a new timeout value.

To change it at the user level, click on a user and then pick a new timeout value.

 

The value can be set to preset durations from 15 minutes to 7 days. We don't allow completely disabling the timeout, for security reasons. Note: If there is any activity before the last ten minutes of the session expiration, the session will be extended by 1 hour.
