Step-by-step instructions to set up a SAML authentication for your Sponsors with Cloudi-Fi and Azure.

Use case

The following sections will provide step-by-step instructions to SAML authentication for your Sponsor with Cloudi-Fi and Azure.

Prerequisites

SAML URLs

• Navigate to the Cloudi-Fi Admin user interface (UI)
• Go to "Configuration" > "Auth modes" > "Sponsor"
• Collect the necessary information

Linkback URL

https://portal.cloudi-fi.net/auth/module.php/saml/sp/saml2-acs.php/sp-sponsor/************

• *****  is your Cloudi-fi public key (Go to your Cloudi-fi Admin interface > Settings > Company Account)

Cloudi-Fi Entity ID

https://portal.cloudi-fi.net/

1. Create Azure AD SAML app

• Navigate to the "Enterprise applications" section
• Add a new application

• Click on "Create your own application"
• Set a specific name to the application (example: Cloudi-Fi Guest SAML)
• Opt for the third option: "Integrate any other application you don't find in the gallery (Non-gallery)"

• After creating the application, navigate to "Single sign-on"
• Select "SAML" as the sign-on method

• Access "Basic SAML Configuration" to edit settings
• Update the "Linkback URL" with:

  • https://portal.cloudi-fi.net/auth/module.php/saml/sp/saml2-acs.php/sp-sponsor/************

  • where ************ represents your Cloudi-fi public key
  • To find your Cloudi-fi public key, go to the Cloudi-fi Admin interface, navigate to "Settings", then "Company Account"
• Set the "Cloudi-Fi Entity ID" as:

  • https://portal.cloudi-fi.net/

• Go to section "(2) Attributes & Claims"
• Collect the specified URL

• For the certificate:
  • Go to "(3) SAML Certificates"
  • Download the "Certificate (Base64)"
• To collect the URL:
  • Proceed to "(4) Set up Your Application"
  • Collect the necessary URL
    • Login URL
      
    • Microsoft Entra Identifier
      
    • Logout URL

2. Configure Single Sign-On

To start step 2, make ensure you have all of these information

https://portal.cloudi-fi.net/auth/module.php/saml/sp/saml2-acs.php/sp-sponsor/********

https://portal.cloudi-fi.net/

https://login.microsoftonline.com/*********/saml2

https://sts.windows.net/*********/

https://login.microsoftonline.com/***********/saml2

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname

2.1. On Set up Single Sign-On with SAML Page

Go to AzureAd UI > Enterprise Applications > Your Application (create in Step 1: Create Azure AD SAML app) > Single sign-on > Basic SAML Configuration

• Identifier (Entity ID): Cloudi-Fi Entity ID (see SAML URLs )
• Reply URL (Assertion Consumer Service URL): Linkback URL (see SAML URLs )
• Sign on URL: Cloudi-Fi Entity ID (see SAML URLs)

2.2. On Cloudi-Fi Side

Go to Cloudi-Fi Admin UI > Configuration > Auth modes > Sponsor and enter the values for the following fields :

• IdP EntityId: Microsoft Entra Identifier (see Step 1: Create Azure AD SAML app)

• Binding Method: POST

• IdP Endpoint: Login URL (see Step 1: Create Azure AD SAML app)

• Logout Binding Method (Optional): POST

• Logout Endpoint: Logout URL (see Step 1: Create Azure AD SAML app)

• IdP Signing Certificate (x509 format): Past the content of Certificate (Base64) (see Step 1: Create Azure AD SAML app) without the "Begin Certificate" and "End certificate" markers

• Email attribute name: emailaddress (see Step 1: Create Azure AD SAML app)
• Fullname Attribute (Optional): givenname (see Step 1: Create Azure AD SAML app)

What's next?