Configuring SSO with AzureAD

Modified on Mon, 9 Aug, 2021 at 4:56 PM

Step 1 – Set up AzureAD


Launch the AzureAD Admin Portal and select the Azure Active Directory menu option

 

From the sub menu select App registrations

 

Then select New registration from the toolbar

 

Give your application a name (my2cloud)


Set the Supported account types to Accounts in this organizational directory only (AssureStor Limited only - Single tenant)


Set the Redirect URI to https://tenant.my2cloud.net/account/login
Note. Replace tenant with your portal's prefix.



Click Register to create your application


Copy and save the Application (client) ID

Select Endpoints from the toolbar




Copy and save the following:

  • OAuth 2.0 authorization endpoint (v2)
  • OpenID Connect metadata document
     
    Note. Remove the trailing /.well-known/openid-configuration from this URL before saving it.


You will also need to ensure the App registration is configured to use ID tokens.

Select Authentication from the side menu and scroll down to the Implicit grant and hybrid flows section

Ensure ID tokens (used for implicit and hybrid flows) is checked


Save any changes.


Step 2 – Enable OpenID Connect in my2cloud

 

Launch your my2cloud portal and log in with full administrative rights. Once logged in, select Settings from the Administration sub menu.


From the available tabs, select External Login Settings


Complete the OpenID Connect fields using the information you saved from step 1

  • Client Id = Application (client) ID
  • Authority = OpenID Connect metadata document
  • Login URL = OAuth 2.0 authorization endpoint (v2)
  • Validate Issuer = checked

 


Click the Save All button
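
Before saving, the three values from step 1 can be cross-checked against the provider's discovery document. The following is an added example, not part of the original article or the my2cloud product: the function names are hypothetical, the tenant and client GUIDs are constructed placeholders, and the discovery document is a constructed sample standing in for the JSON returned by the OpenID Connect metadata document URL.

```python
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/openid-configuration"

def authority_from_metadata_url(metadata_url):
    """Strip the discovery suffix, as the note in step 1 instructs."""
    url = metadata_url.strip().rstrip("/")
    return url[: -len(WELL_KNOWN)] if url.endswith(WELL_KNOWN) else url

def check_settings(client_id, authority, login_url, discovery):
    """Return a list of problems; an empty list means the values agree."""
    problems = []
    if not client_id.strip():
        problems.append("Client Id is empty")
    if WELL_KNOWN in authority:
        problems.append("Authority still contains the discovery suffix")
    if any(urlsplit(u).scheme != "https" for u in (authority, login_url)):
        problems.append("Authority and Login URL must use https")
    # OIDC Discovery: the published issuer must equal the URL the metadata
    # was fetched from, minus the suffix. Issuer validation relies on it.
    issuer = discovery.get("issuer", "")
    if "{tenantid}" in issuer:
        problems.append("Issuer is a multi-tenant template, not this tenant")
    elif issuer.rstrip("/") != authority.rstrip("/"):
        problems.append("Issuer does not match Authority")
    if discovery.get("authorization_endpoint") != login_url:
        problems.append("Login URL differs from authorization_endpoint")
    if "id_token" not in discovery.get("response_types_supported", []):
        problems.append("id_token response type is not advertised")
    return problems

# Constructed sample values: placeholder tenant and client GUIDs.
TENANT = "00000000-0000-0000-0000-000000000000"
BASE = f"https://login.microsoftonline.com/{TENANT}"
SAMPLE_DISCOVERY = {
    "issuer": f"{BASE}/v2.0",
    "authorization_endpoint": f"{BASE}/oauth2/v2.0/authorize",
    "response_types_supported": ["code", "id_token", "code id_token"],
}

if __name__ == "__main__":
    authority = authority_from_metadata_url(f"{BASE}/v2.0{WELL_KNOWN}")
    result = check_settings("11111111-1111-1111-1111-111111111111", authority,
                            f"{BASE}/oauth2/v2.0/authorize", SAMPLE_DISCOVERY)
    print(authority, result or "OK")
```

An empty result means the Authority, Login URL and issuer all refer to the same single tenant, which is what the Validate Issuer setting depends on.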


Step 3 – Verify OpenID Connect authentication


For OpenID verification to operate correctly you will need to check the following.

Ensure the default role is set up correctly and does not provide access to any sensitive areas such as administration, billing, etc.

 

When a new AzureAD user signs in for the first time they will automatically be set to use the default role.

 

Select Settings from the Administration sub menu.

 

Select the User Management tab

 

Ensure that the following are checked

  • Allow users to register to the system.
  • New registered users only via External Login.
  • New registered users are active by default.

 

You are now set up for SSO using AzureAD

When a user now authenticates using the OpenID Connect button on the login page, they will be directed to your AzureAD login screen to authenticate (including enforcement of any MFA policies) and then returned to the my2cloud portal.


WARNING

To successfully self-register using OpenID Connect the user MUST NOT already exist in the portal. If the user has already been created using the standard user creation workflow please delete the user account first before attempting to register with OpenID Connect.

 
