›  Dashboard  ›  Configure  ›  Single sign-on authentication  ›  Using Azure Active Directory

    Single sign-on authentication within Cloud Backup using Azure Active Directory

    • Summary:Description of and steps to set up and configure single sign-on authentication for the Dashboard and for Online Backup and Recovery Manager using Azure Active Directory.
    • 5 min read
    On this page

    Setup flow

    # Step Description
    1 Turn SSO on Turn SSO on in the Dashboard
    2 Set SSO scope Select accounts to apply SSO for
    3 Create SSO app Set up and configure Azure app for SSO
    4 Configure SSO Choose SSO configuration method and provide configuration details

    Turn SSO on

    To set up SSO, you need to turn it on first in the Dashboard. For this:

    1. Sign in to the Dashboard.

      Use an account with the administrator role.

    2. In the menu, go to SettingsSingle Sign-On.

      Menu item

      The SSO settings page opens.

    3. Select Enable Single Sign-On (SSO) to expand configuration settings.

      Configuration settings include the following groups:

      Group Description
      Enable SSO for This group of settings lets you set the SSO scope—that is, to select the predefined account groups and to specify individual accounts to apply SSO for
      Service Provider Settings This group includes settings to use when creating SSO app in Azure
      Identity Provider Settings This group of settings lets you choose how to configure SSO and provide configuration details

      SSO settings

    Continue with setting the SSO scope.

    Set SSO scope

    You can set the scope of SSO—that is, to select accounts to apply SSO for.

    To map accounts, account names on the service provider side (that is, within the services) must match the account emails on the Azure AD side.

    In the Enable SSO for group, select one or more available account groups:

    • Dashboard admins to enable SSO for the Dashboard accounts with the administrator role;

    • All backup accounts to enable SSO for all backup accounts;

    • Individual accounts to enable SSO only for specific accounts.

      Enter one or more account usernames separated by comma, space, or semicolon.

    SSO scope

    Continue with creating an SSO app in Azure.

    Create SSO app

    1. In the Azure portal, go to Azure Active Directory.

    2. Select AddEnterprise application.

      Add enterprise app

      Azure AD Gallery opens.

    3. Select Create your own application.

      Create new app

      The app creation wizard opens.

    4. Enter a name for the app, select Integrate any other application you don’t find in the gallery (Non-gallery), and then click Create.

      New app name

      The system creates the app, adds it to the gallery, and the app configuration page opens.

    5. In the menu, click Single sign-on, and then click SAML.

      SAML

      SSO configuration opens.

      SSO configuration

    6. In the Basic SAML Configuration group, click Edit.

      Edit basic SAML configuration

      The Basic SAML Configuration dialog opens.

    7. In the Basic SAML configuration dialog:

      1. In the Identifier group, enter the service provider entity ID in the respective box, and select it as default.

        You can find the service provider entity ID on the Dashboard SSO settings page in the Service Provider Entity ID box.

      2. In the Reply URL group, enter the reply URL address in the respective box.

        You can find the reply URL address on the Dashboard SSO settings page in the Reply URL box.

      3. Click Save to apply changes.

      Basic SAML configuration

    Continue with configuring SSO in the Dashboard.

    Configure SSO

    To configure SSO in the Dashboard, you must provide the SAML metadata. For this, in the Identity Provider Settings group, choose one of the following options:

    Identity provider settings

    Via metadata URL

    With this option, the system retrieves SAML metadata necessary for SSO from the metadata URL address you enter.

    1. Go to the SSO SAML configuration of the newly created Azure app.

    2. In the SAML Signing Certificate group, copy the address from the App Federation Metadata Url box.

      Copy metadata URL address

    3. Go to the SSO settings page in the Dashboard.

    4. In the Identity Provider Settings group, select Via metadata URL, and then enter the copied address in the respective box.

      Enter metadata URL address

    5. Click Save to apply changes.

    Using metadata file

    With this option, the system retrieves SSO configuration data from the metadata file you upload.

    1. Go to the SSO SAML configuration of the newly created Azure app.

    2. In the SAML Signing Certificate group, download Federation Metadata XML to your device.

      Download metadata file

    3. Go to the SSO settings page in the Dashboard.

    4. In the Identity Provider Settings group, select Using metadata file, and then import the downloaded metadata file.

      Upload metadata file

    5. Click Save to apply changes.

    Manually

    With this option, you manually enter the minimum required metadata and upload the certificate to configure SSO.

    1. Go to the SSO SAML configuration of the newly created Azure app.

      1. In the SAML Signing Certificate group, download Certificate (Base64) to your device.

      2. In the Set up group, copy the ID from the Azure AD Identifier box and the URL address from the Login URL box.

      Metadata for manual SSO configuration

    2. Go to the SSO settings page in the Dashboard.

    3. In the Identity Provider Settings group:

      1. Import the SAML certificate you downloaded earlier.

      2. In the Entity ID box, enter the Azure AD Identifier you copied earlier.

      3. In the Login URL box, enter the Login URL you copied earlier.

      4. Click Save to apply changes.

      Manual configuration