Configure SSO with Azure AD
    • 03 Oct 2024

    ZPE Cloud supports Azure Active Directory (Azure AD) as a Single Sign-On Identity Provider. With this integration, users sign in to ZPE Cloud through Azure AD, and all security policies established in Azure Active Directory, including Multi-Factor Authentication (MFA), are enforced.

    In this article, you'll learn how to:

    Configure ZPE Cloud App in Azure

    1. Log in to the Microsoft Azure Portal.

    2. Navigate to Entra ID.

    3. Navigate to Enterprise applications.

    4. Click New application to create a new application.

    5. Click Create your own application to create a ZPE Cloud SSO application.

    6. Provide a Name for the application. The recommended names are ZPE Cloud or ZPECloud EU.

    7. Select Integrate any other application you don't find in the gallery (Nongallery).

      1. Assign users and groups

        1. Click Option.

        2. Assign specific Users or User Groups that can log in using this app. These users can only log in to ZPE Cloud.

      2. Set up a single sign-on

        1. Click the option Single Sign-on.

        2. Select SAML.

           

      3. Click to edit the Basic SAML Configuration.

      4. Add the Identifier (Entity ID) and the Reply URL (Assertion Consumer Service URL).

        Note: 

        The Reply URL is a temporary placeholder. Once we generate the Metadata XML file, we'll retrieve the correct value from ZPE Cloud.

      5. Click to edit Attributes & Claims.

        1. Click the Add New Claim option and add the following claims:

          1. Name: firstName, Source Attribute: user.givenname

          2. Name: lastName, Source Attribute: user.surname

          3. Name: memberOf, Source Attribute: "Administrator"

          4. Name: timeout, Source Attribute: 600

          5. Name: emailaddress, Source Attribute: user.mail

            Note:

            • All the fields are case-sensitive. Enter them exactly as they are written here, for example firstName, lastName, memberOf.

            • The memberOf value must correspond to an existing group name in ZPE Cloud. By default, a new organization includes three groups: Administrator, Operator, and User. If a user is not assigned a valid group through SSO, or if no group is specified, they will be placed into the User group.

      6. Download the Federation Metadata XML.
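As an added example (not ZPE's or Microsoft's code), this Python check compares the claims in a captured test assertion against the case-sensitive names listed above and reports which group the user would land in, showing how a mis-cased memberOf falls back to the User group. The sample assertion is constructed and unsigned, and exact-match comparison of group names is an assumption.

```python
import xml.etree.ElementTree as ET

SAML_URN = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML_URN}
REQUIRED = ("firstName", "lastName", "memberOf", "timeout", "emailaddress")
DEFAULT_GROUPS = {"Administrator", "Operator", "User"}  # groups of a new organization

def build_sample(pairs):
    """Build a constructed, unsigned assertion holding only the given attributes."""
    body = "".join(
        f'<saml:Attribute Name="{n}"><saml:AttributeValue>{v}'
        "</saml:AttributeValue></saml:Attribute>" for n, v in pairs)
    return (f'<saml:Assertion xmlns:saml="{SAML_URN}"><saml:AttributeStatement>'
            f"{body}</saml:AttributeStatement></saml:Assertion>")

# Constructed input: "memberof" is deliberately mis-cased.
SAMPLE = build_sample([("firstName", "Ada"), ("lastName", "Example"),
                       ("memberof", "Administrator"), ("timeout", "600"),
                       ("emailaddress", "ada@example.com")])

def read_claims(assertion_xml):
    """Return {claim name: first value}, keeping the exact case of each Name."""
    claims = {}
    for attr in ET.fromstring(assertion_xml).iterfind(".//saml:Attribute", NS):
        value = attr.find("saml:AttributeValue", NS)
        claims[attr.get("Name")] = (value.text or "").strip() if value is not None else ""
    return claims

def audit_claims(claims, groups=DEFAULT_GROUPS):
    """Return (effective group, findings) for one user's claims."""
    findings = []
    lowered = {name.lower(): name for name in claims}
    for required in REQUIRED:
        if required in claims:
            continue
        near = lowered.get(required.lower())
        findings.append(f"{required}: sent as '{near}' (case mismatch)" if near
                        else f"{required}: missing")
    group = claims.get("memberOf")
    if group and group not in groups:
        findings.append(f"memberOf: '{group}' is not an existing group")
    # Fallback described in the note: no valid group means the User group.
    return (group if group in groups else "User"), findings

if __name__ == "__main__":
    effective, problems = audit_claims(read_claims(SAMPLE))
    print("effective group:", effective)
    for problem in problems:
        print(" -", problem)
```

Pass the set of groups that actually exist in your organization as `groups` if you have added custom ones.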



         





    Configure Azure SSO on ZPE Cloud

    1.  Log in to the ZPE Cloud account with an Administrator account.

    2. (Optional) SSO providers require a signed Logout request. For this, a certificate needs to be created. This can be a self-signed certificate or a signed certificate.

    3. To create a Certificate:

      1. Navigate to Settings > SSO > Certificate and provide the following values:

        1. Country Code: 2-letter country code for your company location

        2. State: state for your company location

        3. Location: location for your company location

        4. Organization: typically company name

        5. Organization Unit: additional OU

        6. Common Name: recommended value: zpecloud.com or zpecloud.eu.

        7. Email Address: email address of the Administrator

        8.  Subject Alternative Name: same as Common Name, recommended value: zpecloud.com or zpecloud.eu.

        9. For a Self-Signed Certificate, enable Self-Sign Certificate and provide a value for Certificate Validity (days).

        10. To create the SSO, navigate to Settings > SSO, and click Add.



         
         

      2.  Name: use the same value that was used in the Reply URL on Azure, the recommended value is azure

      3.  Entity ID: use the same value that was used in the Entity ID on Azure, the recommended value is zpe-cloud or zpe-cloud-eu

      4. Click LOAD METADATA and select the Federation Metadata XML file downloaded from Azure.

      5. Select Enable Single Logout. 

      6. Click Save.

      7. Copy the ACS URL.

    Completing Azure Configuration for ZPE Cloud Integration

    1.  Log in to the Azure portal, and go to your ZPE Cloud Enterprise Application Single Sign-on tab.

    2. Add the ACS URL.

    3. Click Add Reply URL and add a secondary Reply URL: https://proxy-access.zpecloud.com or https://proxy-access.zpecloud.eu
      This URL is used to set up the remote access SSO option.

    4. Click Save. The configuration is complete, and you should be able to access ZPE Cloud using SSO.

    (Optional) Configure ZPE Cloud SSO for Remote Access to Devices

    1. Log in to your Nodegrid device and navigate to Security :: Authentication :: SSO.

    2. Click Import Metadata.

    3. Add the Name.

    4. Change the Status to Enabled.

    5. Add the Entity ID, the same one used in Azure.

    6. Select the Metadata file, the same one downloaded previously from Azure.

    7. Add the Icon and click Save.

