
Single sign-on authentication within Cloud Backup


This functionality is currently in testing mode. It will be publicly available in the near future.

Overview

Single sign-on (SSO) allows you to securely sign in to your Infrascale account in the Dashboard and in Online Backup and Recovery Manager (OBRM) using another account of yours that is managed by an SSO identity provider (IdP), for example, Microsoft Azure Active Directory (AD), Okta, or another provider.

Currently, SSO integration is available only for Azure AD.

Setup flow

#  Step            Description
1  Enable SSO      Turn on SSO in the Dashboard
2  Set SSO scope   Select accounts to apply SSO for
3  Create SSO app  Set up and configure Azure app for SSO
4  Configure SSO   Choose SSO configuration method and provide configuration details

Enable SSO

To set up SSO, first enable it in the Dashboard:

  1. In the Dashboard, go to Settings > Single Sign-On.

  2. Select Enable Single Sign-On (SSO) to expand configuration settings.

    Configuration settings include the following groups:

    Group                       Description
    Enable SSO for              This group of settings allows you to set the SSO scope, that is, to select the predefined account groups and to specify individual accounts to apply SSO for
    Service Provider Settings   This group includes settings to use when creating the SSO app in Azure
    Identity Provider Settings  This group of settings allows you to choose how to configure SSO and provide configuration details

  3. Continue with setting the SSO scope.

Set SSO scope

You can set the SSO scope, that is, select the accounts to apply SSO for.

For accounts to be mapped, the account names on the service provider (SP) side (that is, within the Infrascale services) must match the account emails on the IdP side (for example, in Azure AD).

In the Enable SSO for group, select one or more available account groups:

  • Dashboard admins to enable SSO for the Dashboard accounts with the administrator role,

  • All backup accounts to enable SSO for all Infrascale accounts,

  • Individual accounts to enable SSO only for specific Infrascale accounts.

    Enter one or more account usernames separated by commas, spaces, or semicolons.

Continue with creating the SSO app in Azure.

Create SSO app

  1. In the Azure portal, go to Azure Active Directory.

  2. Select Add > Enterprise application.

    Azure AD Gallery opens.

  3. Select Create your own application.


    The app creation wizard opens.

  4. Enter a name for the app, select Integrate any other application you don’t find in the gallery (Non-gallery), and then click Create.


    The system creates the app, adds it to the gallery, and the app configuration page opens.

  5. In the menu, click Single sign-on, and then click SAML.


    SSO configuration opens.


  6. In the Basic SAML Configuration group, click Edit.


    The Basic SAML Configuration dialog opens.

  7. In the Basic SAML Configuration dialog:

    1. In the Identifier group, enter the SP entity ID in the respective box, and select it as default.

      You can find the SP entity ID on the Infrascale Dashboard SSO settings page in the Service Provider Entity ID box.

    2. In the Reply URL group, enter the reply URL address in the respective box.

      You can find the reply URL address on the Infrascale Dashboard SSO settings page in the Reply URL box.

    3. Click Save to apply changes.

  8. Continue with configuring SSO in the Infrascale Dashboard.

Configure SSO

To configure SSO in the Dashboard, you must provide the SAML metadata. To do so, in the Identity Provider Settings group, choose one of the following options:

Via metadata URL

With this option, the system retrieves SAML metadata necessary for SSO from the metadata URL address you enter.

To get the metadata URL address:

  1. Go to the SSO SAML configuration of the newly created Azure app.

  2. In the SAML Signing Certificate group, copy the address from the App Federation Metadata Url box.


  3. Go to the SSO settings page in the Dashboard, and enter the copied address in the respective box in the Identity Provider Settings group.


  4. Click Save to apply changes.

Using metadata file

With this option, the system retrieves SSO configuration data from the metadata file you upload.

To get the metadata file:

  1. Go to the SSO SAML configuration of the newly created Azure app.

  2. In the SAML Signing Certificate group, download Federation Metadata XML locally.


  3. Go to the SSO settings page in the Infrascale Dashboard, and import the downloaded file in the Identity Provider Settings group.


  4. Click Save to apply changes.

Manually

With this option, you manually enter the minimum required metadata and upload the certificate to configure SSO.

To get the metadata and the certificate:

  1. Go to the SSO SAML configuration of the newly created Azure app.

    1. In the SAML Signing Certificate group, download Certificate (Base64) locally.

    2. In the Set up group, copy the ID from the Azure AD Identifier box and the URL address from the Login URL box.


  2. Go to the SSO settings page in the Dashboard, and in the Identity Provider Settings group:

    1. Import the SAML certificate you downloaded earlier.

    2. In the Entity ID box, enter the Azure AD Identifier you copied earlier.

    3. In the Login URL box, enter the Login URL you copied earlier.

    4. Click Save to apply changes.
