Service-level response times are the same as for general-release features. Although this new feature/technology has undergone significant testing and is not expected to change significantly prior to general release, the use of this feature/technology is not recommended for production environments. You are encouraged to use this feature/technology for development and testing purposes only.
Table of Contents
Single Sign-On functionality on RightScale enables companies to use their OpenID-enabled identity provider to authenticate users on the RightScale Dashboard.
Note: Since SSO is still in beta, you can still sign in to your account with your email and password even with SSO enabled.
With all accounts, you have the option of enabling OpenID Single Sign-On for your users. You will have a preferences tab called Authentication under Settings > User Settings. Under the Authentication tab, you will be asked to provide the SSO identifier which will be used for your Single Sign-On login. Provide your RightScale password before you save your Single Sign-On Identifier. As an example, if you would like to use your Google Account to Authenticate to RightScale, use https://www.google.com/accounts/o8/id as the SSO Identifier.
As an existing user, you can enable Single Sign-On by linking your account to an identity provider such as an email address, your company's Internet domain name, or the URL of your company's OpenID provider. You will then be prompted to login through your identity provider. After enabling Single Sign-On as an existing user, you are directed to your identity provider, which asks for your login information. After signing in through your identity provider, you are asked for your permission to be authenticated through RightScale. After allowing RightScale to acquire this information, you are directed back to the RightScale UI, where you receive confirmation that your RightScale user has been linked to an OpenID identity.
As an account admin, you can invite accounts as Single Sign-On enabled users. In Settings > Enterprise > Invitations, an "OpenID" icon displays after you input a user whose email address matches your OpenID enabled domain. When you send the invitation, the user's account will be Single Sign-On enabled after accepting the invitation. Once the recipient accepts the invitation by clicking on the link in the invitation email, they will be asked to perform OpenID and a RightScale user is automatically created for them. Your OpenID provider must verify that their email address is the same as the email address to which the invitation was sent or RightScale will refuse to grant permissions. This process provides a tight binding between the invitation and the user's identity, but it can cause trouble if you habitually use email aliases. Ensure that you invite OpenID enabled users using their canonical email address as reported by your provider, not an alias or nickname.
With a Single Sign-On enabled account, your login screen provides you with two options: you can login the traditional way with your RightScale information, or you can login using Single Sign-On. If you choose Single Sign-On, please specify your OpenID Identifier.
After logging in, you are authenticated and automatically directed to the RightScale Dashboard.
Note: RightScale creates an informational cookie on your machine with the Identifier you provide. This way, you will not need to enter your Identifier every time you login using Single Sign-On. However, you should remember your Identifier in order to login from different machines.
© 2006-2014 RightScale, Inc. All rights reserved.
RightScale is a registered trademark of RightScale, Inc. All other products and services may be trademarks or servicemarks of their respective owners.