Your corporate login system can be integrated with Vultr's account system by using the Single Sign-On (SSO) feature. SSO helps simplify password management when managing accounts, which is useful for organizations that have employees or contractors.
Just want to log in? Visit the SSO login page.
SSO is managed on your main Vultr account. Once enabled, account users will authenticate through your SSO provider. Your main Vultr account is used to create account users and grant them permissions. Password login for your account users is disabled. To log in, your account users must access the SSO login page, enter their email address, then log in through your organization.
SSO on Vultr is made available through OpenID Connect. Your login provider must be compatible with OpenID Connect. Example compatible services include:
Other authentication technologies, such as SAML, are not currently supported.
Log into the main Vultr account that you want to use to manage SSO. Navigate to the Account/Users page. Follow the wizard in the "Single Sign-On" area.
You will need to provide the following pieces of information:
OpenID Provider URL
OpenID Client ID
OpenID Client Secret
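Before entering a provider URL, it helps to confirm that it really is an OpenID Connect issuer. The following is an added example, not Vultr's code: it assumes the provider URL is resolved through standard OpenID Connect Discovery (the page does not say how Vultr resolves it), and check_provider and idp.example.com are hypothetical names.

```python
import json
from urllib.parse import urlsplit
from urllib.request import urlopen


def discovery_url(provider_url):
    """OIDC Discovery location for the issuer typed into the SSO form."""
    return provider_url.rstrip("/") + "/.well-known/openid-configuration"


def fetch_discovery(provider_url, timeout=10):
    """Download the provider's discovery document (network access needed)."""
    with urlopen(discovery_url(provider_url), timeout=timeout) as resp:
        return json.load(resp)


def check_provider(provider_url, doc):
    """Return a list of problems; an empty list means the checks passed."""
    problems = []
    if urlsplit(provider_url).scheme != "https":
        problems.append("provider URL is not https")
    # The issuer in the document must be the URL it was fetched for;
    # only a trailing slash is tolerated here.
    if doc.get("issuer", "").rstrip("/") != provider_url.rstrip("/"):
        problems.append("issuer mismatch: %r" % doc.get("issuer"))
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        if urlsplit(doc.get(key, "")).scheme != "https":
            problems.append("%s missing or not https" % key)
    if "code" not in doc.get("response_types_supported", []):
        problems.append("authorization code flow not advertised")
    if "openid" not in doc.get("scopes_supported", ["openid"]):
        problems.append("openid scope not advertised")
    return problems


# Constructed sample document for a hypothetical provider.
SAMPLE_URL = "https://idp.example.com/"
SAMPLE_DOC = {
    "issuer": "https://idp.example.com",
    "authorization_endpoint": "https://idp.example.com/authorize",
    "token_endpoint": "https://idp.example.com/token",
    "jwks_uri": "https://idp.example.com/keys",
    "response_types_supported": ["code", "id_token"],
    "scopes_supported": ["openid", "email", "profile"],
}

if __name__ == "__main__":
    print(check_provider(SAMPLE_URL, SAMPLE_DOC))  # no problems
```

For a live check, pass the result of fetch_discovery(url) as the second argument to check_provider.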
Sign into your Okta Admin panel.
Under Applications, click on "Add Application", then "Create New App".
Select "Web" as the Platform, and "OpenID Connect" as the "Sign on method".
Enter https://my.vultr.com/openid/ as both the "Login redirect URI" and "Logout redirect URI".
Click Save.
Make sure to assign your users to the application via the "Assignments" tab.
Save the Client ID and Client secret from the General tab.
Next, return to the Account/Users page on Vultr and begin the SSO setup.
OpenID Provider URL: https://<yourdomain>.okta.com/
OpenID Client ID: <Client ID>
OpenID Client Secret: <Client Secret>
Click "Enable SSO". Account users can now log in on the SSO login page.
Google Accounts will allow you to use Gmail addresses for your account users. Your users must not have previously signed up to Vultr with their Gmail address, otherwise adding them as an account user will not work.
First, you'll need to set up OpenID Connect on Google.
Sign into the Google API Console.
Create a project in Google Cloud. We'll call it "Vultr Login".
Navigate to the "APIs" / "Credentials" section.
Create credentials for a new "OAuth client ID".
You will be prompted to give your application a name on the OAuth consent screen. This name is shown upon login.
Resume creating credentials for a new "OAuth client ID".
For "Application Type", choose "Web Application". You will be prompted for several fields.
Authorized JavaScript origins:
https://my.vultr.com
Authorized redirect URIs:
https://my.vultr.com/
https://my.vultr.com/openid/
Jot down the "Client ID" and "Client Secret" provided by Google.
If needed, additional documentation from Google is available here.
Next, return to the Account/Users page on Vultr and begin the SSO setup.
OpenID Provider URL: https://accounts.google.com/
OpenID Client ID: <Client ID>
OpenID Client Secret: <Client Secret>
Click "Enable SSO". Account users on your account with email addresses ending in "@gmail.com" can now log in on the SSO login page.
Sign in to Azure and go to "Azure Active Directory"
Go to the "Overview" of your Default Directory
Go to "App Registration" (Link located in footer of "Overview")
Name it something along the lines of "Vultr SSO"
Set the Redirect URI to https://my.vultr.com/openid/
Click "Register"
Now in your newly registered Application
Navigate to "Authentication"
Set Logout URL to https://my.vultr.com/openid/ and Save
Navigate To "Branding"
Set Home page URL to https://my.vultr.com/sso
(Optional) Set Terms of Service URL to https://www.vultr.com/legal/tos/
(Optional) Set Privacy Statement URL to https://www.vultr.com/legal/privacy/
Save
Navigate To API Permissions
Click "Add Permission"
Click "Microsoft Graph"
Click "Delegated Permissions"
Type "Directory" in search field and check "Directory.Read.All"
Type "Group" in search field and check "Group.Read.All"
Type "User" in search field and check "User.Read"
Type "email" in search field and check "email"
Type "offline_access" in search field and check "offline_access"
Type "openid" in search field and check "openid"
Type "profile" in search field and check "profile"
Click "Add Permissions"
Click "Grant Admin Consent for Vultr" (Might Not Show Up Until We Set Up Vultr)
Navigate To "Certificates & secrets"
Click "New Client Secret"
Name it something along the lines of "SSO"
Set Expiration to whichever suits your use case best
Click "Add"
The secret key for the new client secret will only be available this once. Please temporarily copy it to a text file
Navigate To "Overview"
Temporarily Copy "Application (client) ID" to a text file
Temporarily Copy "Directory (tenant) ID" to a text file
Login to Vultr
Navigate to "Account"
Navigate To "Users"
In the "Single Sign-On" Form
Set "OpenID Provider URL" to https://login.microsoftonline.com/DIRECTORY_ID_GOES_HERE, using the "Directory (tenant) ID" you copied to the temporary text file earlier
Set "OpenID Client ID" to the "Application (client) ID" you copied to the temporary text file earlier
Set "OpenID Client Secret" to the "Client Secret" you copied to the temporary text file earlier
Enable SSO
In the "Users" Form
Click the "Add New User" Button
Back In "Azure Active Directory"
Navigate to Your Vultr SSO App if you're not already there
Navigate To "API permissions"
You're Done! Users will need to log in using the SSO Page. Only users added under Account/Users can access via SSO.