It is now possible to configure your tenant on Hosted Mender to leverage a SAML-compatible Identity Provider (IdP) to identify and authenticate users. Thanks to this feature, users can log in to Mender using their existing credentials (e.g., Azure/Microsoft, AWS, or any other SAML-compatible service.
Setting up Mender as a SAML Service Provider (SP) requires uploading the SAML metadata from your IdP in the “Organization and billing” settings view. Once the XML metadata file upload is complete, you will obtain the Start URL (login URL), which will initiate the SAML authentication for your user.
Only authorized users from your IdP can log in to Mender. You can authorize users by creating them in the “User management” settings view, leaving the optional password field blank. This way, the user will be automatically linked to the SAML IdP on the first log-in.
The feature is available in the Enterprise plan on Hosted Mender and in the on-prem version of Mender Enterprise.