Configure Azure AD as SSO Provider

To use Azure Active Directory (AD) as the SSO identity provider (IdP) with Virtana Platform, you must add Virtana Platform to Azure AD as a managed SaaS application. You then assign users to the application in Azure.

About This Task

  • After configuring the IdP, you must copy the metadata URL, which is needed to configure SSO in Virtana Platform.

Prerequisites

You need an Administrator role in Microsoft Azure with privileges to create applications and assign users and groups.

  • You must have set up a SAML 2.0 application with your IdP.

  • You must have administrator privileges in both IdP and Virtana Platform.

  • You must have an appropriate Virtana Platform license to use SSO.

Steps

  1. Log in to Microsoft Azure as Administrator.

  2. Click the hamburger menu in the navigation pane and select Azure Active Directory > Enterprise applications.

    Screenshot of Azure UI, select Enterprise applications
  3. Click New application and Create your own application, then complete the following:

    1. Enter the name of the application.

    2. Select Integrate any other application you don't find in the gallery (Non-gallery).

    3. Click Create.

  4. Navigate back to Azure Active Directory > Enterprise applications > All applications and select the application you just created.

    It might take a minute before the new application displays.

  5. In the left navigation pane, click Single sign-on and select the SAML option.

  6. On the SAML-based Sign-on page, click Edit for Basic SAML Configuration and complete the following:

    1. Set the Identifier (Entity ID) to https://app.cloud.virtana.com.

    2. Set Reply URL (Assertion Consumer Service URL) to https://app.cloud.virtana.com/authentication/sso/saml/acs.

  7. Click Edit for Attributes & Claims and add or update the following fields, which will be used to authenticate the user:

    • externalId: user.mail

    • firstName: user.givenname

    • lastName: user.surname

    Leave name and Unique User Identifier unchanged.

    Important

    The Azure AD user profile must have firstName, lastName, and Mail configured. Otherwise, the integration will fail.

  8. Ensure the Claim names for externalId, firstName, and lastName are properly configured.

    On the Attributes & Claims edit page, make sure the Claim names for externalId, firstName and lastName do NOT have a Namespace URI (XML schema URL) prepended, like the other two attributes. If the format of these fields is changed, SSO will not work properly with Virtana.

    screenshot of Azure attributes & claims page, showing expected configuration
  9. In the SAML Certificates section, copy the value for App Federation Metadata Url.

    You will need to add this URL in Virtana Platform when you configure SSO.

  10. Navigate to Users and Groups, click Add user/group, and select the users or groups to be added to the SSO application.

    If you do not have the required privileges to manage users and groups, contact the administrator at your company with those rights.

    Note

    The username must be in the form firstName.lastName@companyName.extension. Example: elizaveta.smirnoff@exampleco.com.

This completes the creation and configuration of the SSO application in Azure. You can log in to Virtana Platform to proceed with setup.
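
A check for steps 7 and 8, added here as an example that is not part of the Virtana or Microsoft documentation: it reads the attribute statement of a decoded SAML assertion captured from a test sign-in and reports when externalId, firstName, or lastName is missing, empty, or still has a namespace URI prepended. The sample assertion is constructed and check_claims is a hypothetical helper name; the script inspects claim names only and does not validate the assertion's signature.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
REQUIRED = ("externalId", "firstName", "lastName")  # claim names from step 7

# Constructed sample: firstName is empty and lastName still carries Azure's
# default namespace URI, the two failure modes steps 7 and 8 warn about.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="externalId">
      <saml:AttributeValue>elizaveta.smirnoff@exampleco.com</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="firstName">
      <saml:AttributeValue></saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/lastName">
      <saml:AttributeValue>Smirnoff</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

def check_claims(assertion_xml):
    """Return a list of problems with the externalId/firstName/lastName claims."""
    root = ET.fromstring(assertion_xml)
    values = {}
    for attr in root.iterfind(".//saml:Attribute", SAML_NS):
        vals = [(v.text or "").strip() for v in attr.iterfind("saml:AttributeValue", SAML_NS)]
        values[attr.get("Name", "")] = [v for v in vals if v]
    problems = []
    for claim in REQUIRED:
        if claim in values:
            if not values[claim]:
                problems.append(f"{claim}: claim present but empty (check the user profile)")
            continue
        # A name ending in "/<claim>" means a namespace URI is still prepended.
        prefixed = [n for n in values if n.endswith("/" + claim)]
        if prefixed:
            problems.append(f"{claim}: namespace URI prepended ({prefixed[0]})")
        else:
            problems.append(f"{claim}: claim missing")
    return problems

if __name__ == "__main__":
    for line in check_claims(SAMPLE_ASSERTION) or ["claims OK"]:
        print(line)
```

An empty list from check_claims means all three claims arrive with bare names and non-empty values.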

Next Steps:

Add the Azure SSO configuration to Virtana Platform.