Managing single sign-on (SSO)
The Flex Appliance Console supports single sign-on (SSO). Note the following prerequisites and considerations:
To use SSO, you must have a SAML 2.0 compliant identity provider configured in your environment.
Only identity providers that use AD or LDAP directory services are supported.
SSO users cannot use the APIs. API keys are used to authenticate a user and therefore cannot be used with a SAML-authenticated user.
SSO users must use the fully qualified domain name (FQDN) in the URL to access the Flex Appliance Console. For example, https://consoleFQDN. The IP address option does not work for SSO.
Single logout (SLO) is supported if an SLO POST binding URL is present in the identity provider (IDP) metadata. If it is not present, you sign out only from the appliance and not from the IDP. In this situation, Cohesity recommends that you close your browser after signing out for security purposes.
Note:
For some IDPs with SLO, you are not redirected to the sign-in page after you sign out of the console. Open a new session to sign back in.