Overview
This section provides a detailed description for configuring SSO with Microsoft Azure AD.
You cannot change the EdgeView configuration (for example, manually changing the EV_IP value) without restarting it. Hence, use a correctly configured and running instance of EdgeView before starting this procedure.
Setting up Microsoft Azure IDP
Perform the following steps to set up the Microsoft Azure IDP and to use it inside EdgeView for Single sign-on.
- Log in to the Azure portal at https://portal.azure.com/#home.
- Create a tenant (Active Directory) by following this URL: https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-access-create-new-tenant
- To switch to the new tenant, go to Azure Active Directory -> click Manage Tenants -> tick the check box in front of the newly created tenant -> click Switch.
- Now you are in the new tenant (Active Directory/Organization).
- Users who already have a tenant (Active Directory) can skip step 2.
- Search for Enterprise applications in the top search bar and select it.
- Click New Application.
- Click Create your own application.
- Provide the application name (for example, "Azure IDP").
- Select the option Integrate any other application you don't find in the gallery (Non-gallery) and click Create.
- You will see the below page after successfully creating the application.
- Click Assign users and Groups -> Add users/groups -> Click None selected (Under user section).
- In the search bar, enter the email ID that you used to log in -> select the user -> click Select at the bottom -> click Assign.
- Open a new tab in the browser and follow the sub-steps below (Prerequisite: your EV must be version 16.3.1 GA or above).
- Download the EdgeView (SP) metadata file using the URL https://{YOUR_EV_IP}/scc/saml2/service-provider-metadata/ev16.
- The saml-ev16-metadata.xml file, which contains the EdgeView (SP) metadata, is downloaded.
- Go back to Azure portal and on the newly created application Azure IDP, from the left panel click Single sign-on.
- Click SAML. The Set up Single Sign-On with SAML page is displayed.
- Click Edit in Basic SAML Configuration (1).
- The Basic SAML Configuration page opens.
- Click Add identifier.
- Enter the Entity id URL from saml-ev16-metadata.xml file downloaded in step no. 11. (Take EntityDescriptor:EntityId value from XML file).
- Click Add reply URL.
- Enter the reply URL from saml-ev16-metadata.xml file downloaded in step no. 11. (Take AssertionConsumerService:Location value from XML file).
- Enter the logout URL from saml-ev16-metadata.xml file downloaded in step no. 11. (Take SingleLogoutService:Location value from XML file).
- Your configuration looks like the below screen.
- Click Save.
- Close the Basic SAML Configuration window.
In the SAML Signing Certificate section, download the Federation Metadata XML file. The XML file is downloaded with the name Azure IDP.xml, and the IDP setup is completed.
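The three values copied by hand from saml-ev16-metadata.xml into Basic SAML Configuration (identifier, reply URL, logout URL) can be extracted and sanity-checked with a short script before they are pasted into Azure. This is an added example, not part of the EdgeView documentation; the sample metadata, the 192.0.2.10 address and the /example/acs and /example/slo paths are constructed placeholders, and it assumes all three values are HTTPS URLs on your EdgeView host.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}

# Constructed stand-in for saml-ev16-metadata.xml (placeholder host and paths).
# Only parse metadata downloaded from your own EdgeView instance.
SAMPLE_SP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://192.0.2.10/scc/saml2/service-provider-metadata/ev16">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://192.0.2.10/example/slo"/>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://192.0.2.10/example/acs" index="1"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

def sp_values(xml_text):
    """Return the three values the Basic SAML Configuration form asks for."""
    root = ET.fromstring(xml_text)
    sp = root.find("md:SPSSODescriptor", NS)
    if root.tag != "{%s}EntityDescriptor" % NS["md"] or sp is None:
        raise ValueError("not SAML service-provider metadata")
    acs = sp.find("md:AssertionConsumerService", NS)
    slo = sp.find("md:SingleLogoutService", NS)
    return {
        "identifier": root.get("entityID"),
        "reply_url": acs.get("Location") if acs is not None else None,
        "logout_url": slo.get("Location") if slo is not None else None,
    }

def check(values, expected_host):
    """List problems: missing value, non-HTTPS URL, or a host that is not your EdgeView."""
    problems = []
    for name, url in values.items():
        if not url:
            problems.append(f"{name}: missing")
            continue
        parts = urlsplit(url)
        if parts.scheme != "https":
            problems.append(f"{name}: not https ({url})")
        if parts.hostname != expected_host:
            problems.append(f"{name}: host {parts.hostname!r} is not {expected_host!r}")
    return problems

if __name__ == "__main__":
    vals = sp_values(SAMPLE_SP_METADATA)
    print(vals)
    print(check(vals, "192.0.2.10") or "all values point at the expected host over HTTPS")
```

To run it against the real file, pass the contents of saml-ev16-metadata.xml to `sp_values` and your EdgeView address to `check`; an empty problem list means the values are safe to paste into the Azure form as-is.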
For steps 17-26 below, refer to Configure IDP.
- Go to your EdgeView and log in as the evadmin user.
- Go to System -> Configuration -> General Settings.
- Find the IDP Configuration panel and click the edit icon.
- Click Upload/browse, then select the IDP metadata file (the file from step no. 16).
- Provide the IDP name (for example, MS Azure).
- Save the configuration.
- Log out from EdgeView.
- The login page now shows the Login with 'MS Azure' option.
- Click MS Azure and provide your Microsoft Azure account credentials.
- You will be able to log in to EV as the IDP user (MS Azure).
EdgeView is read-only for the MS Azure IDP user who is currently logged in. To change or update permissions, contact the tenant administrator.