General information about federations

Identity federations allow you to configure authentication in the Control Panel using Single Sign-On (SSO) technology. With this authentication method, user data is stored at your Identity Provider (e.g., Keycloak, ADFS, and other SAML-compliant providers).

To work with federations, identity providers must support one of the following protocols:

• SAML 2.0;
• or OpenID Connect.

You can configure up to 10 federations to provide access through accounts from different providers.

You can manage federations through the control panel and the Federations API.

Records of operations with federations are saved in audit logs.

Federated users

To work through federations, users with the login method Federation are used. You can:

• add a federated user manually;
• or when creating a federation (SAML, OIDC) enable automatic user creation and configure user group mapping.

Federated users authenticate in the Servercore control panel via SSO in the same way they do when logging into their organization's corporate systems. During authentication, the user is redirected to the identity provider's authorization page—they do not need to have a separate account for Servercore or enter a login and password every time they log in to the control panel.

The login and password of a federated user are not stored in Servercore.

A federated user does not have API access.