SAML Users/Roles

SAML Users/Roles
2 weeks ago - last edited a week ago
Firmware Version: 5.15.20.17

I have recently installed the BETA copy of the software controller and I am mostly happy with it so far. We previously had numerous OC200 controllers - one per site.

Under "Accounts" I see there is provision for SAML User and SAML Role.

Am I correct to think that by using these functions I should be able to configure login to the controller to require an approved Microsoft Entra ID account?

Would there be any documentation/guidance available for how to configure this on the Omada Controller and within Entra?

Thanks,

Andy

Re:SAML Users/Roles
2 weeks ago - last edited 2 weeks ago

@AndyBH

Am I correct to think that by using these functions I should be able to configure login to the controller to be needing an approved Microsoft EntraID account?

>>> Yes.

Currently, we don't have a guide about this config. Do you have any questions when configuring it?

Re:SAML Users/Roles
a week ago

@Vincent-TP When trying to configure this with authentik, I receive an error saying invalid parameters when I load the data from a URL or file. If I enter the data manually I get an error saying invalid format on the Entity ID. What format does the Entity ID need? Also, do you know when docs will be available for this?

Re:SAML Users/Roles-Solution
a week ago - last edited a week ago

Hi @tiny-pangolin

You should be able to copy the Entity ID from the following page:

Re:SAML Users/Roles
a week ago

@Vincent-TP

Sorry Vincent, I would need guidance on both ends - the Controller and the Microsoft end.

By the look of it I would create a "custom app" under Entra ID Enterprise Applications?

I basically want to be able to use our Microsoft AD/Entra usernames and passwords to log into the Omada controller (running on Windows Server on our domain).

Thanks,

Andy

Re:SAML Users/Roles
Yesterday

This is now in the Stable release as well (5.15.20.19). I still can't find any official documentation on how to configure it with the major IdPs (Entra, Google, Okta)...

I am very familiar with setting up SAML apps within our Entra tenant, but I have so many questions regarding your implementation.

Specifically for on-prem hosted controllers:

How does enabling SAML interoperate if you have enabled cloud access and have cloud enabled users?

Does SAML redirect through your cloud services to reach our on-prem box?

Or is this local only, and cloud users can still log in separately with their TP-Link IDs?

If that's the case then we will need to configure some kind of reverse proxy to make the on-prem controller reachable from Entra ID, correct?

Once enabled, are local users still able to log in alongside SAML users? Cloud users?

If not, is there a fallback URL for local users if SAML is ever misconfigured/expired?

Thanks,