Has anyone tried to set up SSO with Apigee Edge Enterprise UI, specifically using ADFS SAML?

david_ryan
Participant V

Ideally the goal here is to use ADFS and SAML for single sign-on to Apigee Edge, rather than using Apigee's OpenLDAP for authentication to the Enterprise UI. If anyone has tried this or has the details, can you share them?

1 ACCEPTED SOLUTION

jdsa
Participant II
25 REPLIES

Hi David, what is your version of Apigee Edge?

You can delegate authentication to AD [or any LDAP v3], so AD can be used for authentication instead of OpenLDAP.

So one could log in with their AD creds to Enterprise UI, but SAML-based SSO for Enterprise UI is not supported today.

We are looking at the 3rd party authentication using LDAP but I was more interested in single sign-on.

Ah OK, unfortunately, it's not supported today.

jdsa
Participant II

Support for SAML2 is something that's definitely in the roadmap.

We are in the process of implementing Apigee Edge Cloud in our org. To avoid maintaining users and passwords in Apigee, we would love to have the ability to SSO into the Edge management UI using SAML. @Joel D'sa, any estimates on when Apigee is planning to have the feature?

We have been pushing for this for MONTHS.

My understanding - from what I have been told - is that this will be released AT THE EARLIEST in the second OPDK release in 2016. We pushed hard for this feature - making the argument that the existing options for SSO are .. well .. not particularly useful.

If it magically showed up in the next release I would have a party!

@sudheendra1

Do you know when this will be available?

Any updates on allowing SAML login to APIGEE compared to username and password based login?

Apigee now supports authentication to the Apigee Edge management UI via an external SAML-based identity provider (IdP). This makes it easy for customers to leverage an IdP (ADFS, Okta, Ping, or OneLogin, for example) of their choice, as long as it supports SAML 2.0 to authenticate Apigee Edge users.

We’re excited to announce the general availability of SAML-based single sign-on (SSO) for Apigee Edge for customers managed and hosted by Apigee.

For more details, refer here.

Is there a plan to extend SAML-based SSO support to private cloud?

Yes, SAML support for OPDK is definitely in the roadmap.

Is it applicable for private cloud? Especially with Active Directory Federation Services as the IdP?

We are using the new 4.19.01 version.

All of the documentation is based on Apigee Edge for customers managed and hosted by Apigee.

@Shawky Foda Yes, SAML integration with ADFS and New UI Experience are applicable for private cloud as well.

For installing Edge OPDK components you are expected to use the OPDK documentation. Steps for configuring ADFS/Edge SAML integration are the same across both offerings, so you use the Cloud doc pages.

Thank you @yuriyl

Could you provide a link to the Cloud doc pages which could be used for private on-premise cloud? Thanks

Here's the doc for SSO/SAML for Private Cloud 19.01:

https://docs.apigee.com/private-cloud/v4.19.01/supporting-saml-edge-private-cloud

Stephen

You might find useful a lab we have on Apigee SSO/ADFS integration in a single end-to-end scenario.

In addition to the steps described by the documentation, it contains sections for setting up AD DC and AD FS with screenshots and useful debugging/troubleshooting techniques.

https://yuriylesyuk.github.io/alfa/edge-sso-adfs-nee

Hi @yuriyl ,

On Apigee Edge private cloud, is it possible to enable login using Azure AD SSO?

You will get better results if you ask a new question as a new question, rather than submitting your question as a comment to a 5-year-old thread.

Hi @Anil Sagar
I have an extended question regarding SAML-based SSO.
For private cloud, is it possible to have a setup as explained below?

Login to Edge UI using SSO

But roles are managed using external LDAP (corp AD)
