We just upgrade our license to Enterprise to be able to create multi admins accounts and SSO.
Our IdP is Google Workspace and I saw it’s supported! Great!
So I’m trying to understand if using SSO I’ll login on PRITUNL client using IdP credentials (e-mail/password/2FA) and do not use anymore the PIN or if the PIN still be used even with SSO enabled!
A friend of mine said the SSO it’s just to web login and not to day-to-day login on PRITUNL client used on Win or Mac computers.
The feature is called single sign-on connection authentication. There were past releases that did not have this but it is supported in all recent releases. When this is enabled the client will open the web browser to complete a single sign-on authorization for that connection. The authentication cache will also allow reconnections.
option 1 - use PritUNL configured with SSO to Google IdP directly
I have my PRITUNL server configurated to use SSO using Google as IdP. Will PritUNL client open Chrome to allow me to choose my Google account and do not ask password or 2FA (if not required) just connecting to VPN ??
option 2 - I have KeyCloak connected to Google IdP and configure PritUNL to KeyCloak
Will it works as option 2 ?
Do I need to go to a web screen to login with Google credentials before PritUNL client connects even if I’ve already authenticated with my IdP (Google directly or Keycloak) ??
I’d like to simplify user’s life… less passwords, less screens to login… easy to use like an Apple interface!
Keycloak isn’t support. If you have a PIN or Google Authenticator configured in Pritunl the connection single sign-on will ignore those. It’s one prompt in the web browser to complete the Google sign-on. The user will still need to login to the Pritunl web browser to do the initial client profile import.
Thank you by your support.
I’ve upgraded our install and it’s working as need wish it was!!!
I’ll close this thread and start new ones with more doubts! Thanks!