
Azure

Configure Azure Entra ID as an Identity Provider Walkthrough

Step 1. Create Vega Platform SSO Configuration

  1. Log into the Vegacloud Platform
  2. Click the gear icon in the top-right corner, then Organization Settings
  3. In Organization Settings click Single Sign-On
  4. Click on +SSO Configuration
  5. Leave the radio button for SAML selected
  6. Click Fill With Placeholder Values
  7. Enter a Configuration Name e.g. VegaPlatformSSO (cannot contain spaces)
  8. Enter a Display Name e.g. Vega Platform SSO (this will be the display name of the SSO config on the platform login page)
  9. Leave defaults for remainder of settings and click Create
  10. Click the pencil icon next to the newly created SSO Config
  11. At the bottom of the config expand Settings and configuration data...
  12. Copy both the Audience and Single Sign-On ACS URL values to a notepad for use in later steps

Step 2. Configure Azure Entra ID as an Identity Provider

  1. Login to the Azure Portal and navigate to Enterprise Applications
  2. Click + New application
  3. Click + Create your own application
  4. In the modal that pops up give the app a name, e.g. Vega Platform SSO
  5. Select Integrate any other application you don't find in the gallery (Non-gallery) and then Create
  6. Within the left-hand nav menu of the newly created Enterprise Application, select Manage > Single sign-on
  7. Select SAML
  8. Click Edit on the Basic SAML Configuration in Section 1
  9. Click the Add identifier link under Identifier (Entity ID) and paste in the Audience that was copied in Step 1
  10. Click Add reply URL under Reply URL and Paste in the Single Sign-On ACS URL that was copied in Step 1
  11. Click Add reply URL to add a second reply URL, trimming the Single Sign-On ACS URL so that it runs from https through endpoint, e.g. https://auth.vegacloud.io/realms/democompany/broker/vegademocosso/endpoint


  12. Click Save and then close the Basic SAML Configuration modal
  13. When prompted to test the configuration, click No, I'll test later
  14. Click Edit in Attributes and Claims Section 2
  15. Remove all Additional claims defaults by selecting the 3-dot context menu next to each item and then selecting Delete
  16. Click the remaining Required claim to modify it
  17. Click the dropdown for Name identifier format and change it to type Unspecified
  18. Replace the Source attribute with an object or field that represents a user's email address, e.g. user.mail, and then click Save

| Format | Value |
| --- | --- |
| Unspecified | Object or field that represents a user's email address, e.g. user.mail |

  19. Within the Attributes & Claims window, click + Add new claim
  20. Name the first claim firstName
  21. Click the caret next to Choose name format and then set Name format to Unspecified
  22. Click the Source attribute field and select a value that represents a user's first name, e.g. user.givenname, then click Save
  23. Repeat steps 20-23 to create the other two additional claims using the table below

| Name | Format | Value |
| --- | --- | --- |
| firstName | Unspecified | Object or field that represents a user's first name, e.g. user.givenname |
| lastName | Unspecified | Object or field that represents a user's last name, e.g. user.surname |
| email | Unspecified | Object or field that represents a user's email address, e.g. user.mail |

  24. Back in the Set up Single Sign-On with SAML menu, Section 3 labeled SAML Certificates contains a download for the Base64 Certificate

    1. Locate and select Certificate (Base64) to download
    2. The file is downloaded as a .cer file, but in order to use it, the file format will need to be converted into .pem
    3. Here is an example file conversion CLI command using OpenSSL:
      • openssl x509 -in path/to/mycert.cer -out path/to/mycert.pem -outform PEM
  25. Within the SAML-based Sign-on Section 4

    1. Copy the Microsoft Entra Identifier URL and save to text editor as Issuer URI
    2. Copy the Login URL and save to text editor as Single sign-on URL

Step 3. Finalize Vega Platform SSO Configuration

  1. Return to the Vega Platform and open the SSO Configuration created in Step 1
  2. Replace the Issuer URI with the value from your text editor
  3. Replace the Single sign-on URL with the value from your text editor
  4. Click the Upload Signing Certificate button and select the newly converted .pem file and then click Save

Step 4. Assign users to your Azure Application

  1. Within your newly created Enterprise Application in Azure, navigate to Manage > Users and groups
  2. Click + Add user/group
  3. Within Add Assignment under Users and groups, click None Selected
  4. Using the Search field, locate and select the Users and/or Groups you wish to have access to the SSO application
  5. Once you have your Users/Groups selected, click Assign

    Warning: Inheritance through Group nesting is not allowed. A user must be a direct member of a Group that is assigned to the SSO application.

Step 5. Test SSO Integration

  1. Log out of the Vega Platform by clicking your user icon in the corner and selecting Log out from the dropdown menu
  2. Log back in using SSO via https://<your-slug>.vegacloud.io or through the Azure MyApps tile
  3. Click the link that contains the display name of your SSO integration under the Sign In button to login
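
If the test login fails, the SAMLResponse form field posted to the ACS URL (visible in the browser's network tools) can be compared against the values configured in Steps 1 and 2. The following is an added example, not part of the Vega or Microsoft documentation; the function names are hypothetical, and it inspects structure only, without verifying the signature.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}
UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
CLAIMS = ("firstName", "lastName", "email")  # claim names from Step 2


def check_saml_response(b64_response, audience, reply_urls):
    """List mismatches between a captured SAMLResponse and this walkthrough.

    Structure only: the XML signature is NOT verified, so this is a
    troubleshooting aid for your own test login, not an authentication check.
    """
    root = ET.fromstring(base64.b64decode(b64_response))
    problems = []
    if root.get("Destination") not in reply_urls:
        problems.append("Destination is not a configured reply URL")
    assertion = root.find("a:Assertion", NS)
    if assertion is None:
        return problems + ["no plaintext Assertion in response"]
    if audience not in [e.text for e in assertion.iterfind(".//a:Audience", NS)]:
        problems.append("Audience differs from the Vega Audience value")
    name_id = assertion.find("a:Subject/a:NameID", NS)
    if name_id is None or "@" not in (name_id.text or ""):
        problems.append("NameID is not an email address")
    elif name_id.get("Format", UNSPECIFIED) != UNSPECIFIED:
        problems.append("NameID format is not Unspecified")
    values = {at.get("Name"): at.findtext("a:AttributeValue", "", NS)
              for at in assertion.iterfind("a:AttributeStatement/a:Attribute", NS)}
    problems += [f"claim {c} is missing or empty" for c in CLAIMS if not values.get(c)]
    return problems


def sample_response(audience, destination, claims):
    """Build a constructed, unsigned sample response (not real Entra output)."""
    attrs = "".join(f'<a:Attribute Name="{k}"><a:AttributeValue>{v}'
                    "</a:AttributeValue></a:Attribute>" for k, v in claims.items())
    xml = (f'<p:Response xmlns:p="{NS["p"]}" xmlns:a="{NS["a"]}" '
           f'Destination="{destination}"><a:Assertion><a:Subject>'
           f'<a:NameID Format="{UNSPECIFIED}">{claims.get("email", "")}</a:NameID>'
           "</a:Subject><a:Conditions><a:AudienceRestriction>"
           f"<a:Audience>{audience}</a:Audience></a:AudienceRestriction>"
           f"</a:Conditions><a:AttributeStatement>{attrs}</a:AttributeStatement>"
           "</a:Assertion></p:Response>")
    return base64.b64encode(xml.encode()).decode()
```

Pass the Audience and both reply URLs from Step 2 as `audience` and `reply_urls`; an empty list means the response matches what this walkthrough configures.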



Support

If you encounter any issues or need further assistance, please contact Vega Support at support@vegacloud.io.


By following these steps, you should have successfully configured Azure SSO with the Vega Platform. Ensure all steps are completed accurately to avoid any configuration issues.