Signing in when SSO is enabled

When SSO is enabled and you sign in to StorageGRID, you are redirected to your organization's SSO page to validate your credentials.

Procedure

  1. Enter the fully qualified domain name or IP address of any StorageGRID Admin Node in a web browser.
    The StorageGRID Sign in page appears.
    • If this is the first time you have accessed the URL on this browser, you are prompted for an account ID:
      Signing in with SSO enabled first access
    • If you have previously accessed either the Grid Manager or the Tenant Manager, you are prompted to select a recent account or to enter an account ID:
      StorageGRID Sign In page if SSO is enabled
    Note: The StorageGRID Sign in page is not shown when you enter the complete URL for a tenant account (that is, a fully qualified domain name or IP address followed by /?accountId=20-digit-account-id). Instead, you are immediately redirected to your organization's SSO sign-in page. Go to step 4.
  2. Indicate whether you want to access the Grid Manager or the Tenant Manager:
    • To access the Grid Manager, leave the Account ID field blank, enter 0 as the account ID, or select Grid Manager if it appears in the list of recent accounts.
    • To access the Tenant Manager, enter the 20-digit tenant account ID or select a tenant by name if it appears in the list of recent accounts.
  3. Click Sign in
    StorageGRID redirects you to your organization's SSO sign-in page. For example:
    example organization sign in page for SSO
  4. Sign in with your SSO credentials.
    If your SSO credentials are correct:
    1. The identity provider (IdP) provides an authentication response to StorageGRID.
    2. StorageGRID validates the authentication response.
    3. If the response is valid and you belong to a federated group that has adequate access permission, you are signed in to the Grid Manager or the Tenant Manager, depending on which account you selected.
  5. Optionally, access other Admin Nodes, or access the Grid Manager or the Tenant Manager, if you have adequate permissions.
    You do not need to reenter your SSO credentials.