privacyIDEA SAML - access to SAML url necessary from the internet?

Hi everyone,
I am currently evaluating the options to add 2FA for Kopano, Nextcloud and OpenVPN in my Univention environment.
Since for privacyIDEA the decision has been made that only the UCS connection relevant parts are available in the app store but the privacyIDEA application itself should run natively somewhere else, I have one question:
When using the privacyIDEA SAML implementation for UCS, will it later be necessary, in order to use 2FA, that one is able to access the UCS SAML URL from the internet, or does only the privacyIDEA application have access to SAML?

Thx for any information!

Hello @lw3234,

what do you mean by “SAML URL”? Is it the login form for the single sign-on login that you can find on the UCS portal page at the top right corner?

If your users should be able to log in to your UCS environment via single sign-on over the Internet, then this URL needs to be accessible from the Internet as well.

Best regards,
Nico

Hello Nico,

I mixed up the concept. I initially thought that privacyIDEA would function as the frontend for the user to log in, incl. 2FA. In truth it is the other way round: login happens as usual over SAML, RADIUS, Nextcloud login or whatever, with privacyIDEA as the backend.

Thx for helping me run in the right direction.

Hello @lw3234,

you are welcome.

You can enhance your SAML login with 2FA by using the privacyIDEA SAML app and using the tokens managed with privacyIDEA.

Best regards,
Nico