Security is essential. It’s top of mind for organizations of all sizes and it’s certainly a top priority for Puppet. The latest release of Puppet Enterprise 2021.0 now offers support for SAML 2.0 providing a more secure and efficient authentication path for our customers to access their Puppet environments, applications and tooling.

Security Assertion Markup Language (SAML) is a protocol for authenticating applications and allows companies to set up multi-factor authentication (MFA) and single sign-on (SSO), along with other features provided by the identity provider (IDP). Not only does SAML provide greater security by way of a single point of authentication, it also streamlines the user experience and minimizes the number of credentials to reset—think forgotten passwords. SAML offers extra safeguards to help protect and keep safe an organizations’ intellectual properties.

Let’s dive into some of the key details and discuss how to set up SAML 2.0 for your environment.

With this release, we’ve tested the most common identity providers including Okta v2021.01.0 and Microsoft ADFS 5.0 (Windows 2019). Other IDPs can also be used and we’ve included different attribute mappings for those; however, they may be named slightly differently. For example ‘user.login’ is the same as ‘uid’. More details can be found in our documentation too.

Authenticate securely with token generation

Tokens are needed to authenticate users securely. When SAML is enabled you will use tokens throughout Puppet that are authenticated. The token generation page allows you to get a secure token for a specified lifetime (up to ten years) to use in tools other than the GUI. For example, you can generate a token to use on the command line interface and for APIs with a set timeframe to ensure a secure login to safely access your infrastructure and get work done more efficiently. Additional features include token revocation. which allows Puppet admins to revoke tokens associated with compromised accounts and visibility into tokens generated (not the actual token, just the metadata).

Setting up SAML 2.0

SAML 2.0 support is only available in Puppet Enterprise 2021 and is not backwards compatible. Also to note, organizations can have SAML enabled along with LDAP and/or local user accounts. To learn more about setting up SAML 2.0 to enable multi-factor authentication and single sign-on within your Puppet environment, check out our docs page.

Feedback is super important. Drop us a line in the Puppet Slack channel to let us know what you think.

Margaret Lee is a Product Manager at Puppet.

Learn more

• Learn more about Puppet Enterprise 2021 here.
• Download Puppet Enterprise 2021 here.
• Check out what’s new between releases here.
• See the release notes here.