SAML Authentication in EZSH shell
How does the SAML user login to the EZSH shell?
Overview: This article outlines how SAML users can access the EZSH shell by first logging into the Ezeelogin GUI, resetting their password and security code, and then using SSH or the webSSH console, with an option to skip 2FA for easier access.
Note: SAML is an authentication mechanism for web applications. It’s based on web protocols and it cannot be used for user authentication over SSH.
Step 1. First login to the Ezeelogin GUI using SAML Authentication.
Step 2. After logging into the GUI, you need to reset the password and security code of the saml user under Account>Password in order to ssh to the Ezsh shell
Step 3. After resetting the password and security code you can ssh to the Ezsh shell (using Terminal or putty)with the saml username as shown below in the screenshot.
Step 4. You can also login as saml user and click on the webssh console to access the Ezsh shell.
Step 5. The web ssh console would open on browser tab and will look as shown below.
How to Skip Two factor Authentication for SAML?
Step 1. If you are SSH ing with 2FA enabled using Putty or Terminal it would prompt you to enter the 2FA codes, The 2FA step can be disabled for SAML Authentication under Settings > Two Factor Authentication> Skip Two Factor Authentication for SAML.The user will be able to ssh without being prompted for the 2FA codes only if the user is logged into the webpanel , otherwise if the user is not logged into the webpanel it would prompt for the 2FA codes.
Step 2. It is recommended to use the webssh shell for the SAML authentication. The webssh shell is more convenient as the user would not have to open an ssh client such as putty/terminal and enter the username/password and 2FA codes. Using the webssh, the user can ssh from the webpanel itself and 2fa will not be prompted if you have enabled the Skip Two factor Authentication for SAML.