›  Dashboard  ›  Configure  ›  Single sign-on authentication  ›  Using Azure Active Directory

Single sign-on authentication within Cloud Backup using Azure Active Directory

On this page

Setup flow

# Step Description
1 Turn SSO on Turn SSO on in the Infrascale Dashboard
2 Set SSO scope Select accounts to apply SSO for
3 Create SSO app Set up and configure Azure app for SSO
4 Configure SSO Choose SSO configuration method and provide configuration details

Turn SSO on

To set up SSO, you need to turn it on first in the Infrascale Dashboard. For this:

  1. Sign in to the Infrascale Dashboard.

    Use an account with the administrator role.

  2. In the menu, go to SettingsSingle Sign-On.

    Menu item

    The SSO settings page opens.

  3. Select Enable Single Sign-On (SSO) to expand configuration settings.

    Configuration settings include the following groups:

    Group Description
    Enable SSO for This group of settings lets you set the SSO scope—that is, to select the predefined account groups and to specify individual accounts to apply SSO for
    Service Provider Settings This group includes settings to use when creating SSO app in Azure
    Identity Provider Settings This group of settings lets you choose how to configure SSO and provide configuration details

    SSO settings

Continue with setting the SSO scope.

Set SSO scope

You can set the scope of SSO—that is, to select accounts to apply SSO for.

To map accounts, account names on the service provider side (that is, within the Infrascale services) must match the account emails on the Azure AD side.

In the Enable SSO for group, select one or more available account groups:

  • Dashboard admins to enable SSO for the Infrascale Dashboard accounts with the administrator role;

  • All backup accounts to enable SSO for all backup accounts;

  • Individual accounts to enable SSO only for specific Infrascale accounts.

    Enter one or more account usernames separated by comma, space, or semicolon.

SSO scope

Continue with creating an SSO app in Azure.

Create SSO app

  1. In the Azure portal, go to Azure Active Directory.

  2. Select AddEnterprise application.

    Add enterprise app

    Azure AD Gallery opens.

  3. Select Create your own application.

    Create new app

    The app creation wizard opens.

  4. Enter a name for the app, select Integrate any other application you don’t find in the gallery (Non-gallery), and then click Create.

    New app name

    The system creates the app, adds it to the gallery, and the app configuration page opens.

  5. In the menu, click Single sign-on, and then click SAML.

    SAML

    SSO configuration opens.

    SSO configuration

  6. In the Basic SAML Configuration group, click Edit.

    Edit basic SAML configuration

    The Basic SAML Configuration dialog opens.

  7. In the Basic SAML configuration dialog:

    1. In the Identifier group, enter the service provider entity ID in the respective box, and select it as default.

      You can find the service provider entity ID on the Infrascale Dashboard SSO settings page in the Service Provider Entity ID box.

    2. In the Reply URL group, enter the reply URL address in the respective box.

      You can find the reply URL address on the Infrascale Dashboard SSO settings page in the Reply URL box.

    3. Click Save to apply changes.

    Basic SAML configuration

Continue with configuring SSO in the Infrascale Dashboard.

Configure SSO

To configure SSO in the Infrascale Dashboard, you must provide the SAML metadata. For this, in the Identity Provider Settings group, choose one of the following options:

Identity provider settings

Via metadata URL

With this option, the system retrieves SAML metadata necessary for SSO from the metadata URL address you enter.

  1. Go to the SSO SAML configuration of the newly created Azure app.

  2. In the SAML Signing Certificate group, copy the address from the App Federation Metadata Url box.

    Copy metadata URL address

  3. Go to the SSO settings page in the Infrascale Dashboard.

  4. In the Identity Provider Settings group, select Via metadata URL, and then enter the copied address in the respective box.

    Enter metadata URL address

  5. Click Save to apply changes.

Using metadata file

With this option, the system retrieves SSO configuration data from the metadata file you upload.

  1. Go to the SSO SAML configuration of the newly created Azure app.

  2. In the SAML Signing Certificate group, download Federation Metadata XML to your device.

    Download metadata file

  3. Go to the SSO settings page in the Infrascale Dashboard.

  4. In the Identity Provider Settings group, select Using metadata file, and then import the downloaded metadata file.

    Upload metadata file

  5. Click Save to apply changes.

Manually

With this option, you manually enter the minimum required metadata and upload the certificate to configure SSO.

  1. Go to the SSO SAML configuration of the newly created Azure app.

    1. In the SAML Signing Certificate group, download Certificate (Base64) to your device.

    2. In the Set up group, copy the ID from the Azure AD Identifier box and the URL address from the Login URL box.

    Metadata for manual SSO configuration

  2. Go to the SSO settings page in the Infrascale Dashboard.

  3. In the Identity Provider Settings group:

    1. Import the SAML certificate you downloaded earlier.

    2. In the Entity ID box, enter the Azure AD Identifier you copied earlier.

    3. In the Login URL box, enter the Login URL you copied earlier.

    4. Click Save to apply changes.

    Manual configuration