Step-by-step instructions to set up SAML authentication for your Sponsor (in APAC, Australia) with Cloudi-Fi and Azure.
Use case
The following sections provide step-by-step instructions to set up SAML authentication for your Sponsor (in APAC, Australia) with Cloudi-Fi and Azure.
Prerequisites
SAML URLs
Go to Cloudi-Fi Admin UI > Configuration > Auth modes > Sponsor for China > Enable SAML authentication on Sponsor page and collect the following values:
Linkback URL
https://portal-cn.cloudi-fi.net/auth/module.php/saml/sp/saml2-acs.php/sp-sponsor/************
- ***** is your Cloudi-Fi public key (Go to your Cloudi-Fi Admin interface > Settings > Company Account)
Cloudi-Fi Entity ID
https://portal-cn.cloudi-fi.net/
If the Sponsor for China section is not available, please contact Cloudi-Fi Support.
1. Create Azure AD SAML app
From the Azure AD UI, click on "Enterprise applications" and add a new application.
Then, search for Microsoft Entra SAML Toolkit and create it after giving it an explicit name (e.g. Cloudi-Fi Guest SAML).
Go to Azure AD UI > Enterprise Applications > Your Application (created in 1. Create Azure AD SAML app) > Single sign-on > (2) Attributes & Claims and collect the following claims:
- emailaddress
- givenname
Go to Azure AD UI > Enterprise Applications > Your Application (created in 1. Create Azure AD SAML app) > Single sign-on > (3) SAML Certificates and download the Certificate (Base64).
Go to Azure AD UI > Enterprise Applications > Your Application (created in 1. Create Azure AD SAML app) > Single sign-on > (4) Set up Your Application and collect the following URLs:
- Login URL
- Microsoft Entra Identifier
- Logout URL
2. Configure Single Sign-On
Before starting step 2, make sure you have all of the following information:

| Attribute | Details |
|---|---|
| Linkback URL | https://portal-cn.cloudi-fi.net/auth/module.php/saml/sp/saml2-acs.php/sp-sponsor/******** |
| Cloudi-Fi Entity ID | https://portal-cn.cloudi-fi.net/ |
| Login URL | https://login.microsoftonline.com/*********/saml2 |
| Microsoft Entra Identifier | https://sts.windows.net/*********/ |
| Logout URL | https://login.microsoftonline.com/***********/saml2 |
| Certificate (Base64) | downloaded in step 1 |
| Email_address Claims | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress |
| Given_name Claims | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname |
2.1. On Set up Single Sign-On with SAML Page
Go to Azure AD UI > Enterprise Applications > Your Application (created in 1. Create Azure AD SAML app) > Single sign-on > Basic SAML Configuration and set:
- Identifier (Entity ID): Cloudi-Fi Entity ID (see SAML URLs)
- Reply URL (Assertion Consumer Service URL): Linkback URL (see SAML URLs)
- Sign on URL: Cloudi-Fi Entity ID (see SAML URLs)
2.2. On Cloudi-Fi Side
Go to Cloudi-Fi Admin UI > Configuration > Auth modes > Sponsor and enter the values for the following fields:
- IdP EntityId: Microsoft Entra Identifier (see 1. Create Azure AD SAML app)
- Binding Method: POST
- IdP Endpoint: Login URL (see 1. Create Azure AD SAML app)
- Logout Binding Method (Optional): POST
- Logout Endpoint: Logout URL (see 1. Create Azure AD SAML app)
- IdP Signing Certificate (x509 format): paste the content of the Certificate (Base64) (see 1. Create Azure AD SAML app) without the "BEGIN CERTIFICATE" and "END CERTIFICATE" markers
- Email attribute name: emailaddress (see 1. Create Azure AD SAML app)
- Fullname Attribute (Optional): givenname (see 1. Create Azure AD SAML app)
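Before pasting the values into the Cloudi-Fi Sponsor fields, it helps to check that the three Azure URLs name the same tenant and that the certificate body really is Base64 DER once the PEM markers are stripped, since a swapped field or a stray marker line is the usual cause of a failed first login. The script below is an added example, not Cloudi-Fi or Microsoft code; the tenant GUID and the certificate in SAMPLE are constructed placeholders.

```python
import base64
import binascii
import re
from urllib.parse import urlparse

GUID = r"[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}"

# Constructed sample mirroring the table above. The GUID is a placeholder, not a real tenant,
# and the PEM wraps a five-byte DER SEQUENCE, not a real Azure signing certificate.
TENANT = "11111111-2222-3333-4444-555555555555"
SAMPLE = {
    "login_url": f"https://login.microsoftonline.com/{TENANT}/saml2",
    "entra_identifier": f"https://sts.windows.net/{TENANT}/",
    "logout_url": f"https://login.microsoftonline.com/{TENANT}/saml2",
    "certificate_pem": "-----BEGIN CERTIFICATE-----\nMAMCAQE=\n-----END CERTIFICATE-----\n",
}


def strip_pem_markers(pem: str) -> str:
    """Return only the Base64 body, which is what the Cloudi-Fi certificate field expects."""
    body = "".join(l.strip() for l in pem.splitlines() if l.strip() and not l.startswith("-----"))
    der = base64.b64decode(body, validate=True)  # raises binascii.Error on stray characters
    if not der or der[0] != 0x30:  # a DER-encoded X.509 certificate always begins with SEQUENCE
        raise ValueError("certificate body does not decode to a DER SEQUENCE")
    return body


def tenant_of(url: str) -> str:
    """Lower-cased tenant GUID embedded in an Azure SAML URL, or '' if none is present."""
    m = re.search(GUID, url.lower())
    return m.group(0) if m else ""


def check_idp_values(cfg: dict) -> list:
    """Preflight the values destined for the Cloudi-Fi Sponsor fields; an empty list means OK."""
    problems = []
    for key in ("login_url", "logout_url"):
        u = urlparse(cfg[key])
        if (u.scheme, u.hostname) != ("https", "login.microsoftonline.com") or not u.path.endswith("/saml2"):
            problems.append(f"{key}: expected https://login.microsoftonline.com/<tenant>/saml2")
    ident = urlparse(cfg["entra_identifier"])
    if (ident.scheme, ident.hostname) != ("https", "sts.windows.net") or not ident.path.endswith("/"):
        problems.append("entra_identifier: expected https://sts.windows.net/<tenant>/")
    tenants = {tenant_of(cfg[k]) for k in ("login_url", "entra_identifier", "logout_url")}
    if "" in tenants or len(tenants) != 1:
        problems.append("Login URL, Entra Identifier and Logout URL do not name the same tenant")
    try:
        strip_pem_markers(cfg["certificate_pem"])
    except (ValueError, binascii.Error) as exc:
        problems.append(f"certificate: {exc}")
    return problems
```

Run `check_idp_values(...)` on your own collected values; any returned string names the field to fix before saving the Sponsor configuration.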
What's Next?
Congratulations on enabling SAML authentication with Azure for your Sponsor (in APAC, Australia).