Identity Provider (IdP): The software tool or service that performs authentication. These authentication activities are typically contained in an IdP application. This includes checking usernames and passwords, verifying account status, invoking multi-factor authentication, etc.
IdP Initiated Logins: Users log in from the IdP's website, typically from a dashboard containing the apps they are authorized to use.
Service Provider: The web application where the user is trying to gain access. For our purposes, NetCloud Manager is the Service Provider.
Service Provider (SP) Initiated Logins: Users log in from an app or service maintained by their organization. For SP-initiated logins to NetCloud Manager, users must go to the Ericsson Enterprise Wireless login page, select the Sign In With SSO button, and then enter their Company Identifier.
NCM ACS URL: Required by the IdP app to redirect authenticated users to NetCloud Manager as logged in users.
NCM SP Entity ID: Required by the IdP app to identify NetCloud Manager as the Service Provider.
Company Identifier (SP-Initiated logins): A unique identifier for your company. This is used when logging in with SP-Initiated logins.
Sign On URL (SP-Initiated logins): A URL from the IdP app where user logins are authenticated.
IdP app ACS URL: Required by NetCloud Manager to send authentication requests to the IdP app.
IdP app SP Entity ID: Required by NetCloud Manager to identify the IdP app.
Hash Algorithm: This setting in the NetCloud Manager SSO configuration must match the same setting in the IdP app.
Certificate Text: Comes from the IdP app and is used in the NetCloud Manager SSO configuration.
User Attributes: Required attributes (first name, last name and email address) that uniquely describe an SSO user.
Forced Permissions: Optional attribute used to set an SSO user's NetCloud Manager role and account. The forcedPermission attribute is set using a JSON value. See Forced Permission Examples for more information.
SAML (Security Assertion Markup Language): A machine-readable file exchanged between an IdP and a service provider for authenticating users. Admins and users typically don't work with SAML files directly. It can be helpful to understand that SAML files are what carry authentication information between an IdP and a service provider.
Legacy SSO: Refers to the SSO system used by customers who enabled SSO with Cradlepoint’s assistance prior to August 20, 2024. These SSO integrations were done by request before the self-serve SSO feature became available.
Note
Legacy SSO is no longer supported. See Migrating Legacy NetCloud Manager SSO Integrations to Self-Serve SSO for more information.
Self-Serve SSO: The current SSO system used by Ericsson Enterprise Wireless Solutions. Self-serve SSO allows customers to configure SSO without assistance.