Federated SSO Support
Equinix Metal™ supports Federated accounts, allowing the use of Single-Sign-On (SSO) to sign in and access Equinix Metal. We support any Identity Provider that supports SAML2.
Note: Federation impacts all Equinix products and services at the domain level. Any user that is logging in with an email associated with a federated domain will be impacted by enrolling in federated SSO, even if they are not a part of your Equinix Metal organization.
Registering for SSO
To use Federated SSO on Equinix Metal, you must have an Equinix Fabric and Network Edge account and access to the Equinix Customer Portal.
- Register for an account at https://fabric.equinix.com/home/user/register.
- Notify Equinix Metal customer support that you have registered, either at https://console.equinix.com/support or by emailing support@equinixmetal.com.
- Support will let you know when you can complete the steps in the Register for Federated SSO documentation so you can self-service register for SSO.
For self-service registration, you will need to provide:
- An Identity Provider (IdP) metadata document.
OR
- Your IdP sign-in URL, the Single-Sign-On URL where Equinix will post the SAML request.
- And your certificate. Equinix uses this certificate to validate the authenticity of the SAML requests that originate from your organization. Important: Equinix verifies the certificate end date; expired certificates are not accepted.
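A pre-flight check for the items listed above, as an added example that is not Equinix code: it reads an IdP metadata document, confirms it carries a sign-in URL and a certificate, and reports any certificate whose end date has passed. The function names, the sample IdP URL and the constructed certificate skeleton are assumptions for illustration; where a maintained X.509 library is available, prefer it to the minimal DER walk used here.

```python
import base64
import datetime as dt
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def _tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: the low 7 bits count the length bytes
        end = pos + (length & 0x7F)
        length, pos = int.from_bytes(buf[pos:end], "big"), end
    return tag, pos, pos + length

def cert_not_after(der):
    """Return notAfter (UTC) from a DER certificate; raises on malformed input."""
    pos = _tlv(der, _tlv(der, 0)[1])[1]      # enter Certificate, then tbsCertificate
    tag, _, end = _tlv(der, pos)
    pos = end if tag == 0xA0 else pos        # skip the optional [0] version
    for _ in range(3):                       # serialNumber, signature, issuer
        pos = _tlv(der, pos)[2]
    pos = _tlv(der, _tlv(der, pos)[1])[2]    # enter validity, skip notBefore
    tag, start, end = _tlv(der, pos)         # 0x17 UTCTime, 0x18 GeneralizedTime
    fmt = "%y%m%d%H%M%SZ" if tag == 0x17 else "%Y%m%d%H%M%SZ"
    when = dt.datetime.strptime(der[start:end].decode("ascii"), fmt)
    if tag == 0x17 and when.year >= 2050:    # RFC 5280: UTCTime YY >= 50 is 19YY
        when = when.replace(year=when.year - 100)
    return when.replace(tzinfo=dt.timezone.utc)

def preflight(metadata_xml, now=None):
    """List what would block registration; an empty list means nothing was found."""
    now = now or dt.datetime.now(dt.timezone.utc)
    root = ET.fromstring(metadata_xml)  # your own IdP export, not untrusted XML
    sso = root.findall(".//md:IDPSSODescriptor/md:SingleSignOnService", NS)
    problems = [] if any(e.get("Location") for e in sso) else ["no sign-in URL"]
    certs = root.findall(".//md:IDPSSODescriptor/md:KeyDescriptor//ds:X509Certificate", NS)
    problems += [] if certs else ["no certificate"]
    ends = [cert_not_after(base64.b64decode(c.text or "")) for c in certs]
    return problems + [f"certificate expired on {e:%Y-%m-%d}" for e in ends if e <= now]

# Constructed sample: a DER skeleton (not a real certificate), valid 2020-01-01 to 2021-01-01.
SAMPLE_DER = (b"\x30\x2e\x30\x2c\xa0\x03\x02\x01\x02\x02\x01\x01\x30\x00\x30\x00"
              b"\x30\x1e\x17\x0d200101000000Z\x17\x0d210101000000Z")
SAMPLE_XML = f"""<EntityDescriptor xmlns="{NS['md']}" xmlns:ds="{NS['ds']}"
 entityID="https://idp.example.com"><IDPSSODescriptor><KeyDescriptor use="signing">
 <ds:KeyInfo><ds:X509Data><ds:X509Certificate>{base64.b64encode(SAMPLE_DER).decode()}
 </ds:X509Certificate></ds:X509Data></ds:KeyInfo></KeyDescriptor><SingleSignOnService
 Location="https://idp.example.com/sso"/></IDPSSODescriptor></EntityDescriptor>"""
```

Pass the contents of your IdP's exported metadata file to `preflight` before submitting it.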
If you are an existing Equinix customer with an Equinix Customer Portal (ECP) or Fabric account, you can register for Self Service Federation by following the steps in the Register for Federated SSO documentation.
When your federated SSO configuration is ready, sign in to portal.equinix.com and verify your federated SSO setup. Once the federation setup is complete, any user from your organization can visit the Equinix federation URL or log in using SSO from the Equinix unified login page, and once authenticated, they can access the Equinix Metal console.
Equinix Metal Federated Account Limitations
Consider the following limitations when using a federated Equinix Metal account:
- Federation impacts all Equinix products and services at the domain level. Any user that is logging in with an email associated with a federated domain will be impacted by enrolling in federated SSO, even if they are not a part of your Equinix Metal organization.
- There is no Just-in-Time provisioning of user accounts. A user account must be configured prior to their first authentication attempt.
- Federated user accounts will not be able to create their own personal user-level API keys. Access to the API has to be managed at the Project-level using Project API Keys.
- Federated user accounts will not be able to manage their own emails, passwords, or two-factor authentication settings. These are managed by your SSO provider.
Sign in to the Equinix Metal Console Using SSO
To sign in to the Metal console using SSO, go to console.equinix.com and click Sign In with SSO.
Enter your company email and click Continue.
You will be directed to your enterprise's authentication flow and be taken to the Equinix Metal Portal upon completion.
Managing Your SSO Account
To see and manage your federated account information, click on your account icon in the Equinix Metal console. Click My Profile.
If you are an organization owner, click Manage Federated SSO Settings to connect you to the Equinix Customer Portal, where you can manage the SSO settings for your organization.
Documentation on how to manage your federated SSO is available in the Federated SSO FAQs.
If you are not authorized to manage SSO settings for your organization, you must contact your organization owner to enable management permissions for your SSO settings.
Note: Federated accounts will not be able to manage their own emails, passwords, or two-factor authentication settings. These are managed by your SSO provider.