Add Rackspace Federation to your identity provider

This section provides information about adding Rackspace Federation to your identity provider.


Ensure that you have done the following items before continuing:

Common Identity Provider setup instructions

Use the following instructions to add Rackspace Federation through the interface of commonly used identity providers. Select the instructions for your Identity Provider from the following list:

Add an Identity Provider

The first step to use Federation is to add an Identity Provider, which is the authentication system that you want to use to authenticate with Rackspace. For example, if you want the employees of your company, Aeronautics-R-Us, to authenticate to Rackspace products and services by using your Aeronautics-R-Us credentials, you need to update your Rackspace account with some information.

Click one of the following links to learn how to add an Identity Provider:

Create and upload the SAML configuration file

Next, you need to upload an XML file that contains the required metadata to complete the setup of your Identity Provider. Most identity systems have a method for generating the metadata file either automatically, or after you’ve completed some basic configuration.

For general and provider-specific guidance about configuring your identity system and retrieving your metadata XML file, see the section Configure Third-Party SAML providers.

Create the Identity Provider

After your XML file is attached, click Create Identity Provider.

Configure the Attribute Mapping Policy

The Attribute Mapping Policy is a YAML-formatted policy for managing the mapping of SAML attributes to Rackspace required roles and permissions.

A default Attribute Mapping Policy is provided when your Identity Provider is created. This policy shows the default attributes that are required for users logging in to Rackspace, as shown in the following example.

Default Attribute Mapping Policy

    - local:
          domain: "{D}"
          name: "{D}"
          email: "{D}"
          roles: "{D}"
          expire: "{D}"
  version: "RAX-1"

The default Attribute Mapping Policy must be customized to specific values before your users log in or are able to use Rackspace products and services. For more information on Attribute Mapping, see Configure Attribute Mapping. To see examples for specific third-party providers, see Configure Third-Party SAML providers.

For more examples and a complete guide to the Attribute Mapping Policy language, see the Appendix: Attribute Mapping Policy Reference.

Log in

After your Identity Provider has been created, you can test your setup. Either visit and click the link titled Use your organization’s credentials to log in or create and use a bookmark for

During the login process, expect the following steps to occur:

  1. Enter your email address and click Next.
  2. You are redirected to your third-party SAML provider login page.
  3. After submitting your credentials, you are successfully logged in and redirected back to the Rackspace Control Panel.

If you experience problems logging in, see Troubleshooting.