Azure
Configure Azure AD as an Identity Provider Walkthrough
Step 1. Configure Azure AD as an Identity Provider
- Add a non-gallery application to Azure AD.
  - Make sure to give the application a descriptive name, e.g. VegacloudPlatform-SSO.
- Once inside the application created in the previous step, on the left menu navigate to Single sign-on.
- For the "Select a single sign-on method" menu, select the SAML menu item.
- Now in the "Set up Single Sign-On with SAML" page, locate the first step labeled Basic SAML Configuration.
  - Select the Edit button for that step.
- Once inside the edit view for the Basic SAML Configuration, add an Identifier (Entity ID) and a Reply URL (Assertion Consumer Service URL) by pressing the appropriate buttons.
  - Set placeholder values in the Entity ID and Assertion URL fields.
- Next locate and select the Save button on the top left of the edit menu.
- Once those values are set you can then go to the next step and edit the Attributes & Claims in Step 2.
- The default claims in the Additional claims section should be removed to clean the space.
- Next select the attribute in the Required claims section in order to edit it with the following values.
  - For the value, select the Source option Attribute, which will then provide a filterable dropdown.

| Format | Value |
| --- | --- |
| Unspecified | Object or field that represents a user's email address, e.g. user.mail |

- Then create three attributes with the values below by locating and selecting the Add new claim button above the Required claims section.
  - For all the values, select the Source option Attribute, which will then provide a filterable dropdown.

| Name | Format | Value |
| --- | --- | --- |
| firstName | Unspecified | Object or field that represents a user's first name, e.g. user.givenname |
| lastName | Unspecified | Object or field that represents a user's last name, e.g. user.surname |
| email | Unspecified | Object or field that represents a user's email address, e.g. user.mail |
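A quick way to confirm that a SAML response from the tenant really carries the three claims configured above, with the Unspecified name format, before troubleshooting a failed login. This is an added example, not part of this walkthrough or of the Vegacloud Platform; the assertion below is constructed, and the tenant id in its Issuer is a placeholder.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
UNSPECIFIED = "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"
# The three claims the walkthrough creates with "Add new claim".
REQUIRED_CLAIMS = ("firstName", "lastName", "email")

# Constructed sample assertion (not captured from a real tenant); the tenant id
# in the Issuer is a placeholder.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
  <saml:Issuer>https://sts.windows.net/TENANT-ID-PLACEHOLDER/</saml:Issuer>
  <saml:AttributeStatement>
    <saml:Attribute Name="firstName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
      <saml:AttributeValue>Ada</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="lastName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
      <saml:AttributeValue>Lovelace</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="email" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
      <saml:AttributeValue>ada@example.invalid</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def extract_claims(assertion_xml: str) -> dict:
    """Return {claim Name: (NameFormat, [values])} from the AttributeStatement."""
    root = ET.fromstring(assertion_xml)
    claims = {}
    for attr in root.iterfind("saml:AttributeStatement/saml:Attribute", SAML_NS):
        values = [(v.text or "").strip() for v in attr.findall("saml:AttributeValue", SAML_NS)]
        claims[attr.get("Name")] = (attr.get("NameFormat"), values)
    return claims


def claim_problems(assertion_xml: str) -> list:
    """List required claims that are missing, empty, or not in Unspecified format.

    The match is on the exact Name configured above; if a Namespace was set in
    the Azure claim editor the emitted Name carries it and will be reported here.
    """
    claims = extract_claims(assertion_xml)
    problems = []
    for name in REQUIRED_CLAIMS:
        fmt, values = claims.get(name, (None, []))
        if not values or not values[0]:
            problems.append(f"{name}: missing or empty")
        elif fmt not in (None, UNSPECIFIED):
            problems.append(f"{name}: NameFormat is {fmt}, expected Unspecified")
    return problems
```

Feed it the decoded Assertion element from a captured SAMLResponse; an empty list means the claim mapping matches what the platform expects.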
- Back in the "Set up Single Sign-On with SAML" menu, step 3 labeled SAML Certificates contains a download for the Base64 Certificate.
  - Locate and select the relevant download button.
  - The file is downloaded as a .cer file, but in order to use it, the file format will need to be converted into .pem:

    openssl x509 -in path/to/mycert.cer -out path/to/mycert.pem -outform PEM
Step 2. Select the Settings Single Sign-On Tab
- Log into the Vegacloud Platform.
- On the left menu navigate to Settings, then select the Single Sign-On tab.
Step 3. Provide Azure credentials to Vegacloud Platform
- First select the SAML menu item and then select the Next Step button.
- On the configuration screen enter the information below.
  - Configuration Name/Alias
    - The alias to identify the configuration.
    - The Configuration Name can not have spaces.
  - Display Name
    - The user-friendly name for this configuration.
    - The display name is able to have spaces.
  - Issuer URI
    - If this value is unknown, select the Fill With Placeholder Values button for a temporary value.
  - Single Sign-On URL
    - If this value is unknown, select the Fill With Placeholder Values button for a temporary value.
  - Request Binding
    - Select HTTP Post.
  - Response Signature Algorithm
    - Select SHA256.
  - Identity Provider Signature Certificate
    - Select the Select Signing Certificate button.
    - Choose the .pem file created in Step 1.11.
- Finally select the Create button.
- Once created, select the arrow drop down for the newly created SAML configuration.
- Inside the dropdown locate and select the Vega IdP Metadata XML link.
  - This will download the xml file which contains the metadata.
Step 4. Configure your Azure Application with Vega MetaData
- Traverse back to your Azure Application created in Step 1 in the Azure portal.
- Again, once inside the application, on the left menu navigate to Single sign-on.
- Back in the "Set up Single Sign-On with SAML" page, locate the first step labeled Basic SAML Configuration.
  - Select the Edit button for that step.
- Edit the Entity ID and Assertion Consumer Service URL by replacing the previous placeholder values with the new values from the Vega Metadata.
  - Identifier (Entity ID): the Audience URI from the Vegacloud Platform Metadata.
  - Reply URL (Assertion Consumer Service URL): the Assertion Consumer Service URL from the Vegacloud Platform Metadata.
- Locate and select the Save button on the top of the Basic SAML Configuration edit page.
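Transcribing the two values from the metadata XML by hand is where a mismatched Entity ID or Reply URL usually creeps in. The following added example (not part of this walkthrough or of the Vegacloud product) reads a SAML 2.0 SP metadata file and maps it onto the two Basic SAML Configuration fields, preferring the HTTP-POST endpoint because Step 3 selects HTTP Post as the request binding. The metadata below is constructed with placeholder URLs; the file downloaded in Step 3 is the real input.

```python
import xml.etree.ElementTree as ET

MD_NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample metadata in the shape of a SAML 2.0 SP EntityDescriptor;
# the URLs are placeholders, not Vegacloud values.
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.example.invalid/saml/metadata">
  <md:SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://sp.example.invalid/saml/acs-redirect"/>
    <md:AssertionConsumerService index="1" isDefault="true"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.invalid/saml/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

def basic_saml_values(metadata_xml: str) -> dict:
    """Map SP metadata onto Azure's Basic SAML Configuration fields.

    Picks the HTTP-POST AssertionConsumerService, preferring the one marked
    isDefault, and raises if a required element is absent rather than guessing.
    """
    root = ET.fromstring(metadata_xml)
    entity_id = root.get("entityID")
    if not entity_id:
        raise ValueError("metadata has no entityID (Audience URI)")
    sp = root.find("md:SPSSODescriptor", MD_NS)
    if sp is None:
        raise ValueError("metadata has no SPSSODescriptor")
    post_acs = [s for s in sp.findall("md:AssertionConsumerService", MD_NS)
                if s.get("Binding") == HTTP_POST]
    if not post_acs:
        raise ValueError("no HTTP-POST AssertionConsumerService in metadata")
    chosen = next((s for s in post_acs if s.get("isDefault") == "true"), post_acs[0])
    return {
        "Identifier (Entity ID)": entity_id,
        "Reply URL (Assertion Consumer Service URL)": chosen.get("Location"),
        # Worth a glance: the SP should insist on signed assertions, since the
        # PEM uploaded in Step 3 is what they are verified against.
        "WantAssertionsSigned": sp.get("WantAssertionsSigned") == "true",
    }
```

Run it on the downloaded file (open it and pass the text) and paste the two returned values into the Azure fields exactly as printed.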
Step 5. Replace the placeholder values in the Vegacloud Platform Azure SAML configuration
- Still inside the Azure application's Single sign-on menu, navigate to and locate step 4, which starts with "Set up...".
  - Copy both the Login URL field and the Microsoft Entra Identifier field to use as substitutions for the placeholder values.
- Traverse back to the Vegacloud Platform's Single Sign-On tab as in Step 2.
- Select the dropdown to open the detail view for the Azure SAML Configuration as in Step 3.5.
- Replace the previous placeholder values with the above values located in the new tab that had opened.
  - Issuer URI: the value copied from the Microsoft Entra Identifier field in Step 5.1.
  - Single Sign-On URL: the value copied from the Login URL field in Step 5.1.
  - Identity Provider Signature Certificate: ensure that there is still a .pem attached to the configuration and that it is still the PEM file from Step 1.12.
Step 6. Assign users to your Azure Application
- In the Azure SAML application that was created in Step 1, navigate to Users and groups on the left menu.
- Locate and select Add user/group at the top of the page.
- Select the Users and groups field, which will then open a table menu on the right.
- Ensure that all of your Vegacloud Platform users that will be using SSO are assigned, by selecting either the users or the groups that apply.