Configure Azure AD SSO
Add the Azure AD SAML Toolkit application
From Home, click on Enterprise applications
Add a new application, search for Azure AD SAML Toolkit, and create it after giving it an explicit name (Cloudi-Fi Administrators, for instance).
Configure Single Sign-On
Once you have the Azure AD SAML Toolkit application, click on it and go to Single Sign-On. On the Select a single sign-on method page, select SAML.
On the Set up Single Sign-On with SAML page
On the Basic SAML Configuration page, enter the values for the following fields:
Identifier (Entity ID): https://admin.cloudi-fi.net/ (from Cloudi-Fi: marked A, click on the copy icon)
Reply URL (Assertion Consumer Service URL): Copy and paste the linkback URL or type https://admin.cloudi-fi.net/auth/module.php/saml/sp/saml2-acs.php/sp-saml4admin// (from Cloudi-Fi: marked B, click on the copy icon)
Sign-on URL: https://admin.cloudi-fi.net/sso/ (from Cloudi-Fi: marked C, click on the copy icon)
The company hash is visible on your Cloudi-Fi account; go to Setting Company Account Cloudi-Fi Public Key
On Cloudi-Fi Side
Go to Settings Auth modes SAML For Administrators and enter the values for the following fields:
Entity Id: Azure AD Identifier (Marked 2)
Binding Method: Post or Redirect
Login Endpoint: Login URL (Marked 1)
Logout Binding Method (Optional): Post or Redirect
IdP Signing Certificate (x509 format): Download the raw certificate and paste it here (without the "Begin Certificate" and "End Certificate" markers)
Email Attribute name: Claim name corresponding to the Mail value (Marked 1)
(Optional)
Enable Administrator auto-provisioning
Enabling automatic administrator provisioning allows administrators to be assigned a Cloudi-Fi profile based on the Azure AD group to which they belong.
(Optional)
On the Azure AD side, once the groups are created and the members allocated, the next step is the SSO SAML configuration, with the creation and management of the "Attributes & Claims". In addition to the information on the user (the name, the first name, and the email address), we need to assign a profile to this user by creating an additional claim.
The configuration is done as follows:
Click on Add a new claim
Give it a name (profile, for instance)
In the Claim conditions, create as many profiles as you need to allow on the Cloudi-Fi interface
User type: Members or Any
Scoped Groups: Select the Groups allowed to have access to Cloudi-Fi Admin Console
Value: Profile value (Lobby, ReadOnly, or Admin, for instance)
On Cloudi-Fi Side, configure or finalize the SAML configuration
Go to Settings Auth modes SAML for Administrators. Enable Administrator auto-provisioning and type the Claim name corresponding to the profile in the SAML Profile Attribute field.
You can also assign a Default profile if no profile is received in the SAML response.
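To check the claim names before enabling auto-provisioning, the following added example (not Cloudi-Fi's or Microsoft's code) decodes a SAML response from a test login, lists its attributes, and applies the email, profile, and Default profile logic described above. The claim name "profile", the allowed profile values, the rejection of unknown or multiple profile values, and the sample response are assumptions; the script does not verify the signature, so it is for inspecting your own test responses only.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Azure AD's default claim name for user.mail; use the name shown under Attributes & Claims.
EMAIL_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
PROFILE_CLAIM = "profile"                          # name given in "Add a new claim"
ALLOWED_PROFILES = {"Lobby", "ReadOnly", "Admin"}  # example values from this page

def read_attributes(saml_response_b64):
    """Decode a POST-binding SAMLResponse and return {attribute name: [values]}."""
    xml = base64.b64decode(saml_response_b64)
    if b"<!DOCTYPE" in xml or b"<!ENTITY" in xml:  # SAML messages never carry a DTD
        raise ValueError("DTD found in SAML message, refusing to parse")
    attrs = {}
    for attr in ET.fromstring(xml).iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.iterfind("saml:AttributeValue", NS)]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    return attrs

def resolve_admin(attrs, default_profile=None):
    """Return (email, profile). Assumed policy: exactly one email, one allowed profile."""
    emails = attrs.get(EMAIL_CLAIM, [])
    if len(emails) != 1 or "@" not in emails[0]:
        raise ValueError("email claim missing or ambiguous: check Email Attribute name")
    profiles = attrs.get(PROFILE_CLAIM, [])
    if len(profiles) > 1:
        raise ValueError("several profile values received")
    profile = profiles[0] if profiles else default_profile  # Default profile fallback
    if profile not in ALLOWED_PROFILES:
        raise ValueError(f"no usable profile in response: {profile!r}")
    return emails[0], profile

def build_sample(profile_value=None):
    """Constructed, unsigned sample response (not captured from a real tenant)."""
    def attribute(name, value):
        return f'<Attribute Name="{name}"><AttributeValue>{value}</AttributeValue></Attribute>'
    body = attribute(EMAIL_CLAIM, "alice@example.com")
    if profile_value is not None:
        body += attribute(PROFILE_CLAIM, profile_value)
    xml = ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
           'xmlns="urn:oasis:names:tc:SAML:2.0:assertion"><Assertion><AttributeStatement>'
           + body + '</AttributeStatement></Assertion></samlp:Response>')
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    print(resolve_admin(read_attributes(build_sample("Admin"))))
    print(resolve_admin(read_attributes(build_sample()), default_profile="ReadOnly"))
```

If the email lookup fails on a real response, the attribute names returned by read_attributes show which claim name to enter in the Email Attribute name and SAML Profile Attribute fields.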