In order to sign in to OneCloud using Azure Active Directory as an identity provider, you will need to have an Azure account and use Azure AD Premium P2. Without this plan, you will be unable to build a custom application for OneCloud access.
To get started, navigate to Azure Active Directory and select Enterprise applications from the "Manage" menu (see screenshot below).
From here, click "Add Application" at the top. This will take you to the next prompt that asks you which kind of application you are creating. Select "Non-gallery application" to continue (see screenshot below). Choose the name of your application and click "Add".
Next, you’ll need to configure your application. Once it has been created, click Single Sign-On in the "Manage" section (see screenshot below). Here, you will need to add the properties required to enable your application to communicate with OneCloud.
We will be using SAML to authenticate with OneCloud, so at the next prompt, select "SAML" (see screenshot below).
On the next screen, you’ll see a list of configuration blocks. Starting with "Basic SAML Configuration", click the edit icon and fill out the following fields:
- Identifier: https://app.onecloud.io/saml/metadata.xml
- Reply URL: https://app.onecloud.io/saml/consume/YOUR_SAML_TOKEN
- Logout URL: https://app.onecloud.io/saml/logout/YOUR_SAML_TOKEN
No other fields are required. Note that you will need to replace "YOUR_SAML_TOKEN" in the above URLs with your company’s SAML token. See the Single Sign-On (SSO) documentation for more details on getting a SAML token.
Once you have filled out the required fields, make sure to click "Save" at the top left.
You will also need to edit "User Attributes & Claims" to make sure you are passing enough data for OneCloud to identify the user on the platform. Click the edit icon, select "Add new claim" at the top, and add the following attributes. In the screenshot below, please note that the “namespace” field is not required.
The last remaining piece is to add the metadata to your OneCloud company. In the "SAML Signing Certificate" section, click the link for "Federation Metadata XML". This will trigger a download for XML metadata. From here, take the XML file and upload it to the SAML section in OneCloud (see the SSO documentation for more details).
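As an added check that is not part of the original guide, the following Python script verifies the two things most often wrong at this point: that the Reply and Logout URLs from the Basic SAML Configuration no longer contain the token placeholder, and that the downloaded Federation Metadata XML actually carries an IdP descriptor, a signing certificate and an HTTP-Redirect sign-on endpoint. The sample metadata is constructed; the tenant ID and certificate bytes are placeholders, not values from a real tenant.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
PLACEHOLDER = "YOUR_SAML_TOKEN"


def check_onecloud_urls(saml_token, reply_url, logout_url):
    """Problems with the Reply/Logout URLs from Basic SAML Configuration."""
    problems = []
    for name, url in (("Reply URL", reply_url), ("Logout URL", logout_url)):
        if PLACEHOLDER in url:
            problems.append(f"{name}: {PLACEHOLDER} was not replaced")
        elif not url.startswith("https://app.onecloud.io/saml/"):
            problems.append(f"{name}: not an https app.onecloud.io SAML URL")
        elif not url.endswith("/" + saml_token):
            problems.append(f"{name}: does not end with the company token")
    return problems

def inspect_federation_metadata(xml_text):
    """Return entityID, HTTP-Redirect SSO URL and signing-cert count."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor in metadata")
    certs = 0
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use", "signing") != "signing":
            continue  # encryption-only keys do not verify assertions
        b64 = kd.findtext("ds:KeyInfo/ds:X509Data/ds:X509Certificate", "", NS)
        der = base64.b64decode("".join(b64.split()))
        if der[:1] != b"\x30":  # DER SEQUENCE tag: cheap X.509 sanity check
            raise ValueError("signing certificate is not DER-encoded X.509")
        certs += 1
    sso = [s.get("Location") for s in idp.findall("md:SingleSignOnService", NS)
           if s.get("Binding") == REDIRECT]
    return {"entity_id": root.get("entityID"),
            "sso_url": sso[0] if sso else None, "signing_certs": certs}

# Constructed sample (not a real tenant); the certificate is a 5-byte DER stub.
SAMPLE_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
  entityID="https://sts.windows.net/TENANT-ID-PLACEHOLDER/"><IDPSSODescriptor>
  <KeyDescriptor use="signing"><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
   <X509Data><X509Certificate>MAMCAQE=</X509Certificate></X509Data></KeyInfo></KeyDescriptor>
  <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
   Location="https://login.microsoftonline.com/TENANT-ID-PLACEHOLDER/saml2"/>
 </IDPSSODescriptor></EntityDescriptor>"""
```

Run `inspect_federation_metadata` on the real downloaded file before uploading it to OneCloud; a missing signing certificate or a non-Redirect SSO endpoint means the wrong metadata link was used.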
Lastly, add some users to your application and test it out from within the setup wizard. To add users to your application, select "Users and groups" from the "Manage" section and click "Add user" at the top left. From here, select the relevant users and groups that will be using the application.
Azure AD provides the ability to test if your application was set up correctly. You should simply be able to click the "Test" button at the bottom of the page. If your application was correctly configured, you should be automatically redirected to your OneCloud environment.