A user asked about implementing SSO groups from the dex platform into ControlUp. Documentation on using SSO groups for user roles was shared, along with a suggestion to check assertion data. It was confirmed that the VDI is enforcing the security policy set in the RTDX Console.
Read the entire article here...
SAML Authentication Related Archives
SAML Authentication training and support-related archives from inside the ControlUp Community on Slack.
Troubleshooting ControlUp EdgeDX Portal After License Reactivation
A user asked if it took time for the ControlUp EdgeDX portal to populate after re-activating a license. Advice included trying the Solve URL and using incognito mode. Eventually, the issue was resolved without a clear reason. URLs mentioned included https://solve.controlup.com/orgname and https://app.controlup.com/orgname/saml.
Read the entire article here...
Read the entire article here...
Manually Removing User Accounts Set up with SAML in ControlUp Platform
It was noted that user accounts set up with SAML must be manually removed if removed from Azure sync, as the user management does not currently have a sync with the directory or SAML IDP. ControlUp is looking into deeper integration in the future, with the possibility of adding a public API for user management. Furthermore, an ability to integrate with Entra ID is under consideration.
Read the entire article here...
Read the entire article here...
Configuring SAML Login with Azure App Registration for Multiple ControlUp DEX Tenants
A user was trying to configure SAML login with Azure app registration for two ControlUp DEX tenants; however, the Unique Identifier was the same in both tenants. It was suggested to make the Relying Party Identifier either editable or unique per account. It was further suggested to use the same Azure Application in both DEX organizations settings, however, this would mean giving entry to all tenants. The user was informed that this is not yet possible but will be added to the next year roadmap.
Read the entire article here...
Read the entire article here...
Improved Authentication Method Coming in ControlUp 9.1
A user discussed needing an improved authentication method for the Real Time DX Console, with the preference for Azure OAuth or SAML. This will be included in the 9.1 release, and @member will keep the audience updated when the design is finalized. On-premises users were also mentioned.
Read the entire article here...
Read the entire article here...
Getting Started with Securely Exporting ControlUp Metrics
A user asked if a ControlUp Solve dashboard can be published externally without authentication; it's not possible for security reasons. Alternatives include exporting metrics with PowerShell and HTML and using the Power Platform, or leveraging ControlUp DEX with its username/password authentication. More information on ControlUp DEX can be found at https://support.controlup.com/docs/get-started-with-the-new-dex-platform.
Read the entire article here...
Read the entire article here...
Giving Non-IT Staff Read Rights in ControlUp DEX using SAML Configuration
A user asked about giving non-IT staff read rights for the DEX platform and viewing the VDI/DAAS dashboard without logging into the console (server). It is possible to achieve this using SAML configuration. For further information on this setup, a link was provided - https://support.controlup.com/docs/saml-sso-for-dex#automatic-vdi-daas-user-account-provisioning.
Read the entire article here...
Read the entire article here...
Restricting Access to the ControlUp DEX Portal
The user asked how to restrict access to the DEX portal - the solution provided is to use the SAML login and configure the service provider to only allow access from certain clients or IP addresses. This can be done with the Azure login option, and IP restrictions are on their way to DEX, estimated to be available in early Q1 2024.
Read the entire article here...
Read the entire article here...
Restricting Access to ControlUp DEX Portal
A discussion arose about restricting access to ControlUp's DEX portal, such as with a specific client certificate, IP address or Azure hybrid joined client machine. Using SAML could be a solution as the service provider can deny access if criteria are not met, and IP restrictions are said to be arriving in the early months of 2024. The DEX login method "azure login" does not have further possibilities, but SAML does.
Read the entire article here...
Read the entire article here...
Restricting Access to Organization Creation in ControlUp DEX Instance
A user asked about preventing unauthorized creation of organizations in their DEX instance. They suggested a configuration option to only let full admins create new orgs. It was noted that creating a new organization requires a license and currently there is no way to block it. The user's request was added to the backlog to block organization creation to admins only.
Read the entire article here...
Read the entire article here...