How to configure SAML authentication settings in Central Server for Azure SSO?

• In Central Server
• In Central Server Cloud

In Central Server

Description

This document will walk you through the steps required to configure SAML Authentication settings in Central Server for Azure.

Note: If the FQDN in the ACS URL is different from the one mentioned in the NAT Settings, then go to <Installation_directory>/Desktop Central server/conf/websettings.confand, in a new line, type saml.fqdn.name=FQDN_Name. Here, FQDN_Name represents your FQDN name. 
For example: saml.fqdn.name=dc.com. Here, dc.com is the FQDN name. After saving the websettings.conf file, restart the Central Serverserver and reconfigure the SAML Authentication settings.

Installation Steps

1.  Login to your Azure account using https://portal.azure.com and enter your email address. After that, click Next.
    
   • 
2. Enter the password and click Sign in.
    
   • 
3. Select Enterprise applications.
   • 
4. Select New application.
   • 
5. On the left hand side, and select + Create your own application.
    
   • 
6. Select Non-gallery application on the right hand side.
    
   • 
7. Provide an appropriate app name and click Create.
   • 
8. On the left hand side menu, click Single sign-on.
    
   • 
9. Select SAML.
    
   • 
10. In Basic SAML Configuration, select edit option (the pencil icon).
     
    • 
11. In this window, the Entity ID,Assertion Consumer Service URL, and the Sign on URL have to be specified. 
     
    • 
12. Login to your Central Serverconsole, switch to the Admin tab, and select SAML Authentication.
     
    • 
13. Choose Certificate next to Configuration by downloading. Copy the Entity ID and Assertion Consumer URL.
     
    • 
14. Paste the Entity ID next to Identifier, and the Assertion Consumer URL next to Reply URL in the Microsoft Azure portal.
     
    • 
15. Now, copy the Assertion Consumer URL and paste it next to Sign on URL. Here, change the URL from Response to Request and click Save.
     
    • 
16. In User Attributes & Claims, select edit option (the pencil icon).
     
    • 
17. Click user.userprincialname [nameid-f....
     
    • 
18. Click user.userprincipalname.
     
    • 
19. In the drop-down list, select user.mail.
     
    • 
20. Click Save.
    • 
21. In SAML Signing Certificate, download Federation Metadata XML.
     
    • 
22. On the left hand side menu, click Users and groups. Select Add user.
     
    • 
23. Click None Selected.
     
    • 
24. From the right hand side, select the users and click Select.
     
    • 
25. Click Assign.
     
    • 
26. In the Central Server web console, under Identity Provider Details, choose Others as IdP. Provide a suitable name for the IdP, and choose E-mail ID as Name ID. Next, select Metadata and upload the downloaded metadata file in step 21. Click Save.
     
    • 
27. SAML Authentication is now enabled in Central Server.
     
    • 
28. Login to Central Serverusing your Azure account.
     
    • 

You have successfully configured the SAML Authentication Settings.