Configuring SAML authentication settings in OpManager for Azure

Listed below are the steps to configure SAML authentication in OpManager (SP) for Azure (IdP) with Single Sign-On.

  1. Log in to your Azure account. Expand the menu on the left-hand side and select Azure Active Directory.

  2. Click on Enterprise applications.

  3. Select New Application.

  4. Enter the application name in the text box under 'What's the name of your app?' and click on Create at the end of that page.

  5. On the left side menu, select Single sign-on and choose SAML. You will be navigated to the SAML based Sign-On page.

  6. In Basic SAML configuration, select the edit option (the pencil icon).

  7. In this window, the Entity ID, Assertion Consumer Service (ACS) URL, Sign on URL, and Logout URL from OpManager need to be specified.

  8. Go to OpManager, navigate to Settings -> General Settings -> Authentication.

  9. Under SAML, copy the Entity ID, Assertion Consumer Service URL, and the Logout URL from the Service Provider Details section.

  10. Now, go back to Azure and enter those details in the Basic SAML Configuration section by selecting the edit option.

  11. Under the Attributes & Claims section, click on the Edit option (the pencil icon).

  12. Click on user.displayname [nameid-format:persistent].

  13. For OpManager versions:
    • Before version 126147, choose the Name Identifier format as Persistent. Choose the Source Attribute as Display Name if you are trying to authenticate local users in OpManager. If you are trying to authenticate AD or Domain users, click on Transformation and configure the appropriate OGNL expression to send the NameID value in the format <domainname>\<username>. Click Save.

      Note: If your display name contains spaces or other special characters, user mapping issues might happen, so configure a different attribute like first name, or switch to the Email NameID format.

    • For version 126147 and above, choose the Name Identifier format as Email address and Source Attribute as user.mail, and click Save.

  14. Now, download the Federation Metadata XML file from the SAML Signing Certificate section.

  15. Open OpManager and go to Settings -> General Settings -> Authentication -> SAML. Upload the metadata file under Identity provider details and select the corresponding NameID format based on the OpManager version installed. Click on Save.

  16. Now, click on the Enable SAML SSO option.

  17. Now go back to Azure and select Users and groups on the left side menu, then select Add user/group.

  18. Click None selected and, from the right-hand side, select the Users and click Assign.

  19. After assigning the users, please ensure the user profiles are created in OpManager and verify the following:
    • For Persistent NameID (before version 126147), the username in OpManager should match the user displayname in Azure.

    • For Email NameID (version 126147 and above), the user Email in OpManager should match the user Email in Azure.

  20. Now, log in to OpManager using your Azure account from the login page.

 