Is there any documentation around configuring MAAS access with SAML authentication?
Hi @arozar,
Authentication and authorization in MAAS are handled through a combination of RBAC, Candid, and an identity provider (e.g., SSO) (link).
The post below can help visualizing how the “MAAS/RBAC security architecture” elements interact between them:
https://discourse.maas.io/t/rbac-and-candid/6724/2#heading--the-rbac-maas-security-architecture
Thanks @javier-fs - The link labeled link does take me anywhere. The other link I have seen, but (unless I missed it)it does not help me understand how to enable or configure SAML or SSO in MaaS.
MAAS itself doesn’t have built-in SAML configuration. The authentication goes through Candid, which can be set up to talk to your SSO provider. MAAS then uses Candid for login and RBAC for permissions.
If you need SAML, you should:
- Deploy a Candid service
- Configure Candid
- Point MAAS to use that Candid instance
The Candid community might be the best option to get that kind of documentation, find discussions or raise a question about SAML