Step-by-step instructions to set up a SAML authentication for your Sponsors with Cloudi-Fi and Azure.
Use case
The following sections provide step-by-step instructions to set up SAML authentication for your Sponsor portal with Cloudi-Fi and Azure.
Prerequisites
SAML URLs
- Navigate to the Cloudi-Fi Admin user interface (UI)
- Go to "Configuration" > "Auth modes" > "Sponsor"
- Collect the necessary information
Linkback URL
https://portal.cloudi-fi.net/auth/module.php/saml/sp/saml2-acs.php/sp-sponsor/************
- where ************ is your Cloudi-Fi public key (go to your Cloudi-Fi Admin interface > Settings > Company Account)
Cloudi-Fi Entity ID
https://portal.cloudi-fi.net/
1. Create Azure AD SAML app
- Navigate to the "Enterprise applications" section
- Add a new application
- Click on "Create your own application"
- Set a specific name to the application (example: Cloudi-Fi Guest SAML)
- Opt for the third option: "Integrate any other application you don't find in the gallery (Non-gallery)"
- After creating the application, navigate to "Single sign-on"
- Select "SAML" as the sign-on method
- Access "Basic SAML Configuration" to edit settings
- Update the "Linkback URL" with:
  https://portal.cloudi-fi.net/auth/module.php/saml/sp/saml2-acs.php/sp-sponsor/************
  - where ************ represents your Cloudi-Fi public key
  - To find your Cloudi-Fi public key, go to the Cloudi-Fi Admin interface, navigate to "Settings", then "Company Account"
- Set the "Cloudi-Fi Entity ID" as:
  https://portal.cloudi-fi.net/
- Go to section "(2) Attributes & Claims"
  - Collect the claim name URLs (emailaddress and givenname)
- For the certificate:
  - Go to "(3) SAML Certificates"
  - Download the "Certificate (Base64)"
- To collect the URLs:
  - Proceed to "(4) Set up Your Application"
  - Collect the necessary URLs:
    - Login URL
    - Microsoft Entra Identifier
    - Logout URL
2. Configure Single Sign-On
Before starting step 2, make sure you have all of the following information:
| Attribute | Details |
|---|---|
| Linkback URL | https://portal.cloudi-fi.net/auth/module.php/saml/sp/saml2-acs.php/sp-sponsor/******** |
| Cloudi-Fi Entity ID | https://portal.cloudi-fi.net/ |
| Login URL | https://login.microsoftonline.com/*********/saml2 |
| Microsoft Entra Identifier | https://sts.windows.net/*********/ |
| Logout URL | https://login.microsoftonline.com/***********/saml2 |
| Certificate (Base64) | |
| Email_address Claims | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress |
| Given_name Claims | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname |
2.1. On Set up Single Sign-On with SAML Page
Go to the Azure AD UI > Enterprise Applications > Your Application (created in Step 1: Create Azure AD SAML app) > Single sign-on > Basic SAML Configuration and set:
- Identifier (Entity ID): Cloudi-Fi Entity ID (see SAML URLs)
- Reply URL (Assertion Consumer Service URL): Linkback URL (see SAML URLs)
- Sign on URL: Cloudi-Fi Entity ID (see SAML URLs)
2.2. On Cloudi-Fi Side
Go to Cloudi-Fi Admin UI > Configuration > Auth modes > Sponsor and enter the values for the following fields:
- IdP EntityId: Microsoft Entra Identifier (see Step 1: Create Azure AD SAML app)
- Binding Method: POST
- IdP Endpoint: Login URL (see Step 1: Create Azure AD SAML app)
- Logout Binding Method (Optional): POST
- Logout Endpoint: Logout URL (see Step 1: Create Azure AD SAML app)
- IdP Signing Certificate (x509 format): Paste the content of Certificate (Base64) (see Step 1: Create Azure AD SAML app) without the "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" markers
- Email attribute name: emailaddress (see Step 1: Create Azure AD SAML app)
- Fullname Attribute (Optional): givenname (see Step 1: Create Azure AD SAML app)
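As an added example (not Cloudi-Fi's or Microsoft's code), the following Python helper prepares the values for the step 2.2 fields: it strips the PEM markers from the downloaded Certificate (Base64) as the signing-certificate field requires, computes the SHA-1 thumbprint so it can be checked against the one Azure shows under SAML Certificates, and refuses Login URL, Logout URL and Entra Identifier values that name different tenants. The certificate body and the tenant GUID are constructed placeholders, not real values.

```python
import base64
import hashlib
import re
# Constructed sample standing in for the "Certificate (Base64)" file downloaded from Azure.
# Its body is a minimal ASN.1 SEQUENCE, not a real certificate, so the script runs offline.
SAMPLE_PEM = """-----BEGIN CERTIFICATE-----
MAMCAQE=
-----END CERTIFICATE-----
"""
TENANT_RE = re.compile(r"/([0-9a-fA-F-]{36})(?:/|$)")  # tenant GUID inside the Entra URLs

def strip_pem_markers(pem: str) -> str:
    """Base64 body only, which is what the 'IdP Signing Certificate (x509 format)' field expects."""
    body = "".join(ln.strip() for ln in pem.splitlines() if not ln.strip().startswith("-----"))
    der = base64.b64decode(body, validate=True)  # raises binascii.Error on a corrupted paste
    if not der or der[0] != 0x30:                # DER certificates begin with a SEQUENCE tag
        raise ValueError("decoded data is not DER-encoded ASN.1")
    return body

def sha1_thumbprint(pem: str) -> str:
    """SHA-1 over the DER bytes, the form Azure displays as 'Thumbprint' under SAML Certificates."""
    return hashlib.sha1(base64.b64decode(strip_pem_markers(pem))).hexdigest().upper()

def tenant_id(url: str) -> str:
    """Tenant GUID from a Login URL, Logout URL or Microsoft Entra Identifier."""
    m = TENANT_RE.search(url)
    if not m:
        raise ValueError(f"no tenant id found in {url}")
    return m.group(1).lower()

def same_tenant(*urls: str) -> bool:
    """True when every URL names one tenant; a mismatch means values were mixed from two apps."""
    return len({tenant_id(u) for u in urls}) == 1

def cloudifi_sponsor_fields(entra_identifier: str, login_url: str, logout_url: str, pem: str) -> dict:
    """Map the Azure outputs onto the Cloudi-Fi Sponsor fields of step 2.2."""
    if not same_tenant(entra_identifier, login_url, logout_url):
        raise ValueError("Login URL, Logout URL and Entra Identifier belong to different tenants")
    return {
        "IdP EntityId": entra_identifier,
        "Binding Method": "POST",
        "IdP Endpoint": login_url,
        "Logout Binding Method": "POST",
        "Logout Endpoint": logout_url,
        "IdP Signing Certificate (x509 format)": strip_pem_markers(pem),
        "Email attribute name": "emailaddress",
        "Fullname Attribute": "givenname",
        "Azure thumbprint to compare": sha1_thumbprint(pem),
    }
```

Compare the returned thumbprint with the one shown in "(3) SAML Certificates" before pasting; a mismatch means the wrong file (or a rotated certificate) was downloaded.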