Cumulocity IoT SSO login FAQ

What will happen if I delete the local Cumulocity user?

  • If you delete the local Cumulocity user and the user logs in via SSO the next time, SSO creates the local user again without assigning any role. The administrator must redo the role mapping so that the user has proper Cumulocity access.

What will happen if I delete the SSO user?

  • If you delete the SSO user, Cumulocity will still have a local user, but Cumulocity does not store that user's credentials, so login does not work. The administrator must clean up the local user, and the user must sign up again in SSO. The administrator must then assign the right role so that the user has the right permissions.

What will happen if the local Cumulocity user is still there and the user signs up in SSO with the same email ID / user ID?

  • It will create an SSO user while keeping the local user and its role mapping intact. The same user would then be available both as an SSO user and as a local user, but it throws an error.

How to assign a default role to a user on SSO sign-up?

  • Use dynamic role mapping in Cumulocity SSO to assign a default role on SSO sign-up. This allows the user to log in to the default application with limited access, controlled by the default role.
    Administration - Cumulocity IoT Guides

How to get rid of the default Cumulocity basic auth form?

  • The basic auth login form can be hidden with CSS: add a global CSS file and set the login form's class so that it is not displayed.

Is it possible to land the user on a static page and later route the user to the right application based on their role or access?

  • Yes. Create a custom application with a static HTML page and a default global role. Assign the default global role to the user on SSO sign-up using SSO dynamic role mapping, and set this custom application as the tenant default application so that the user is redirected to it by default. The default role will have no Cumulocity access except the custom application.
    This custom application contains the logic to check the SSO user's role and, based on that, route the user to the right application. This routing can happen seamlessly without additional authentication, since these are SSO users and no additional authentication is required.
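
    The routing step described above could look like the following sketch. It is an added example, not code from Cumulocity or from the original FAQ. The role names, the `/apps/landing/` path and the shape of the user object (`groups: [{ name }]`) are assumptions. The redirect is only a convenience: what the user can actually access is still decided by the roles assigned in Cumulocity.

```javascript
// Added example. Role names and the landing path are hypothetical placeholders.
// Rules are ordered by priority: the first rule whose role the user holds wins.
const ROUTES = [
  { role: "example-admins",    path: "/apps/administration/" },
  { role: "example-operators", path: "/apps/devicemanagement/" },
  { role: "example-viewers",   path: "/apps/cockpit/" },
];
const LANDING = "/apps/landing/"; // hypothetical context path of the static app

// Assumed user shape: { userName, groups: [{ name }] }.
// Malformed or missing data yields an empty role set instead of throwing.
function roleNames(user) {
  const groups = user && Array.isArray(user.groups) ? user.groups : [];
  return new Set(groups.map((g) => g && g.name).filter((n) => typeof n === "string"));
}

// Accept only fixed same-origin application paths, so a bad route table
// entry can never turn the landing page into a redirect to another host.
function isSafePath(path) {
  return typeof path === "string" && /^\/apps\/[a-z0-9-]+\/$/.test(path);
}

// Returns the path to redirect to. Users with no matching role stay on the
// landing page, which is all the default role is allowed to see anyway.
function resolveRoute(user, routes = ROUTES) {
  const held = roleNames(user);
  for (const { role, path } of routes) {
    if (held.has(role) && isSafePath(path)) return path;
  }
  return LANDING;
}

// In the static page, once the current user object has been loaded:
//   window.location.replace(resolveRoute(currentUser));
```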

Using Auth0 as Single-Sign-On for Cumulocity IoT

Auth0 is a popular service offering authentication as a service and can easily be connected to be used with Cumulocity IoT as a SSO provider. The following steps will show how to correctly configure both the Auth0 and Cumulocity IoT account. Prerequisites A tenant on Cumulocity IoT. You will need admin access to be able to configure the SSO provider inside Cumulocity IoT. A tenant on Auth0. There is a free plan available that supports up to 7000 users and gives all the functionality we need…

How to simplify login authentication when switching between multiple tenants/subtenants

Introduction Imagine that you are an administrator of a Cumulocity IoT platform with one management tenant and multiple subtenants. Your job is to manage and monitor these tenants. You set up a Data broker to forward the required data from the subtenants to the management tenant so that you can coordinate the whole picture. Suddenly you find anomalies in some of the subtenants and you need to log in to each subtenant separately to check the details. While you are entering your username and p…

Cumulocity IoT SSO Integration with Okta

Cumulocity IoT can integrate with Okta as an identity provider (IDP) using OpenID Connect. The connection can be made with out of the box functionality from both Cumulocity IoT and Okta. This document will guide users through the process of making the initial integration. Prerequisites Cumulocity IoT tenant with access to the Administration application and permissions to modify Authentication settings Okta account with permissions to create custom applications and custom authorization serve…
