No more firstname.lastname@example.org, email@example.com. You can now have as many teams as you wish with the same user. Authorization, subscriptions and billing are completely separated. Switch team or create a new one from the user menu.
If you are admin of multiple teams, you will have the option to transfer ownership of subscriptions between your teams via the edit instance view. The current team will be billed for this months usage up to the transfer and the new team from that point and onwards. Of course, there is no interruption of service when transferring ownership.
We have also implemented some new SAML Single sign-on (SSO) features, namely the possibilities to enforce user roles and turning off password-based logins. From now on password-based logins will still be enabled when you first activate SAML SSO so you can test it out without the risk of locking yourself out of your account. Once you have verified that your SSO is working as expected, you can turn off password-based logins from the team/saml view.
The other new SAML feature is the possibility to enforce user roles via your Identity Provider (IdP).
To do this, your IdP should send the attribute
with values like
your-team-saml-uuid/[ admin | member | billing manager | compliance manager | your tag role ]
. You can find the uuid on the team/saml view. The SAML response should include something like this:
<saml2:AttributeStatement> <saml2:Attribute Name="84codes.roles"> <saml2:AttributeValue>your-team-saml-uuid/member</saml2:AttributeValue> <saml2:AttributeValue>your-team-saml-uuid/Staging</saml2:AttributeValue> </saml2:Attribute> </saml2:AttributeStatement>
Turn to your IdPs documentation for assistance on how to set this up. Here are links to a few of the most popular:
- G Suite: Using SAML, custom attributes
- Okta: Setting up SAML, custom attributes (stackoverflow)
- Onelogin: Add SAML Test Connector, custom attributes
We hope this will ease the user and team management for you and make CloudMQTT an even smoother experience.
Please send us an email at firstname.lastname@example.org if you have any questions or feedback to this blog post.