Background:
This How-To guide provides details about the configuration required to integrate N2WS Backup & Recovery 3.x/4.x with Azure Active Directory SSO.
It shows an example of how to create and configure an Enterprise application in Azure and what configuration is required in N2WS Backup & Recovery.
- Please check the following link to confirm that IdP integration is supported for your version: Pricing & Features
- For additional information about IdP integration, read our user guide: Link: Documentation
The configuration has the following steps, all of which you must complete to get this working correctly:
- Create an enterprise app in Azure AD
- Configure claims in Azure AD
- Configure the IdP in N2WS Backup & Recovery
- Create a group in N2WS Backup & Recovery
- Upload the certificate to N2WS Backup & Recovery
Please see the configuration and troubleshooting sections below.
Configuration
For this guide I have created a test Azure AD account and created one user & group in it.
1. We start with the configuration on the Azure AD side.
First you need a user and a group; once you have them, the next step is to create an "Enterprise application" (you should see the link to create one at the bottom of the page).
2. Next select "Non-gallery application" and insert a name.
3. Now click on "Assign a user".
4. Add your user.
5. Now that we have assigned a user, go back to Overview and click on "Set up single sign-on" -> SAML.
6. You will reach the setup page, which has multiple sections. Fill in the parameters as follows:
Section 1: Basic SAML Configuration
Set the following configurations:
| Attribute | Value |
|---|---|
| Identifier (Entity ID) | https://<CPM_Address>/remote_auth/metadata |
| Reply URL (Assertion Consumer Service URL) | https://<CPM_Address>/remote_auth/complete_login/ |
| Logout Url | https://<CPM_Address>/remote_auth/complete_logout/ |

For Example:
Section 2: User Attributes & Claims
Add the following claims:
| Claim name | Example source attribute |
|---|---|
| cpm_user_groups | Group ID |
| nameidentifier | user.userprincipalname |

For Example:

Note about groups: The claim "cpm_user_groups" should contain the names of the groups the user belongs to.
CPM receives this information from Azure in the assertion, reads the content of cpm_user_groups and compares it to the groups configured in CPM.
In Azure AD, if you configure cpm_user_groups = user.groups, Azure will populate the claim with the group IDs and not the group names!
So in this configuration/scenario you need to create a group in CPM whose name equals the group ID in Azure.
For example:
For this group and configuration in Azure AD:
there will be this group in CPM:

Note: An IdP user logging on to N2WS can belong to only ONE N2WS group.
Note: Claim names are case sensitive; for example, 'cpm_user_groups' must be all lower case.
Section 3: SAML Signing Certificate
Check that "Signing Algorithm" = SHA-256 and download the Certificate (Base64).
We will upload this certificate to N2WS Backup & Recovery later.
Section 4:
We will copy the values shown in this section (Entity ID, Sign in URL and Sign Out URL) into the N2WS Backup & Recovery configuration later.
7. Now switch to the N2WS Backup & Recovery console and log in with the Admin user.
8. Click on the cog icon -> open the "Identity provider" area.
9. Go to the Settings tab and set the following:
| Parameter | Value |
|---|---|
| CPM IP or DNS | This should point to the public IP or DNS |
| Entity ID | Copy from Azure SSO setup - section 4 |
| Sign in URL | Copy from Azure SSO setup - section 4 |
| Sign Out URL | Copy from Azure SSO setup - section 4 |
| X509 cert | Upload the certificate downloaded from Azure AD |
Notes: Use the IdP's login URL for both Sign in URL and Sign Out URL, and if you used DNS in the Azure settings you need to be consistent and select DNS here as well.
For Example:
10. Switch to the Groups tab and create the groups for the users.
The name of each group must match exactly the value that will be passed in the cpm_user_groups claim.

For Example:
For this group in Azure (of which the user is a member):
I will create this group in CPM:
When you create the group, you select the user type for the users in that group and their limitations/permissions.
For example, the group below will contain users that are delegates of the Admin account:
Troubleshooting
1. Issue: "application identifier was not found"
Possible resolutions:
Make sure the "CPM IP or DNS" in the N2WS configuration is set to the public IP or DNS and matches the URLs in the Azure AD Basic SAML Configuration (Identifier, Reply URL and Logout Url).
2. Issue: redirected to logout
Possible resolutions:
The claim name is case sensitive; make sure it is cpm_user_groups and not, for example, Cpm_user_groups.
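The following Python script is an added example written for this guide; it is not N2WS code and does not call the N2WS or Azure APIs. It performs offline pre-flight checks for the two failure modes above and for the group-matching rules described in the "User Attributes & Claims" section: it parses a constructed SAML assertion, extracts the cpm_user_groups claim (reporting a mis-capitalised claim name), resolves the user to exactly one configured CPM group (the group being named after the Azure group object ID, as when the claim is sourced from user.groups), and derives the Entity ID, Reply URL and Logout Url from the "CPM IP or DNS" value to compare them with what was entered in Azure. The hostname cpm.example.com, the user, the group ID and the assertion itself are constructed sample values.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
GROUPS_CLAIM = "cpm_user_groups"  # exact, case-sensitive name N2WS looks for

# Constructed sample assertion (no real tenant, user or group): the
# cpm_user_groups claim was sourced from user.groups, so it carries a group
# object ID rather than a group name. In production an assertion is only
# parsed after its XML signature has been verified against the IdP certificate.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_c0ffee" Version="2.0">
  <saml:Subject>
    <saml:NameID>alice@example.onmicrosoft.com</saml:NameID>
  </saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="cpm_user_groups">
      <saml:AttributeValue>11111111-2222-3333-4444-555555555555</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

# Same assertion with the claim name mis-capitalised (troubleshooting issue 2).
BAD_CASE_ASSERTION = SAMPLE_ASSERTION.replace('Name="cpm_user_groups"', 'Name="Cpm_user_groups"')

# Groups defined on the N2WS Groups tab (constructed); the first is named after the Azure group ID.
CPM_GROUPS = ["11111111-2222-3333-4444-555555555555", "backup-operators"]

# Values entered in Azure AD > Basic SAML Configuration (constructed).
AZURE_BASIC = {
    "Identifier (Entity ID)": "https://cpm.example.com/remote_auth/metadata",
    "Reply URL (Assertion Consumer Service URL)": "https://cpm.example.com/remote_auth/complete_login/",
    "Logout Url": "https://cpm.example.com/remote_auth/complete_logout/",
}


def parse_assertion(xml_text):
    """Return (name_id, {attribute name: [values]}) from a SAML 2.0 assertion or response."""
    root = ET.fromstring(xml_text)
    name_id_el = root.find(".//saml:Subject/saml:NameID", SAML_NS)
    name_id = name_id_el.text.strip() if name_id_el is not None and name_id_el.text else None
    attrs = {}
    for attr in root.findall(".//saml:AttributeStatement/saml:Attribute", SAML_NS):
        attrs[attr.get("Name")] = [v.text.strip() for v in attr.findall("saml:AttributeValue", SAML_NS) if v.text]
    return name_id, attrs


def groups_from_claim(attrs):
    """Return the cpm_user_groups values; explain the failure when only a case variant exists."""
    if GROUPS_CLAIM in attrs:
        return attrs[GROUPS_CLAIM]
    variants = [name for name in attrs if name.lower() == GROUPS_CLAIM]
    if variants:
        raise ValueError(f"claim {variants[0]!r} found, but N2WS expects {GROUPS_CLAIM!r} (case sensitive)")
    raise ValueError(f"claim {GROUPS_CLAIM!r} is missing from the assertion")


def resolve_cpm_group(claim_values, cpm_groups):
    """Match the claim values (group names, or object IDs when sourced from user.groups)
    against the N2WS groups; an IdP user may belong to exactly one N2WS group."""
    matches = [g for g in cpm_groups if g in claim_values]
    if len(matches) != 1:
        raise ValueError(f"user must map to exactly one N2WS group, matched {matches}")
    return matches[0]


def expected_sp_urls(cpm_address):
    """SP-side URLs that follow from the 'CPM IP or DNS' setting (paths as given in Section 1)."""
    base = f"https://{cpm_address}"
    return {
        "Identifier (Entity ID)": f"{base}/remote_auth/metadata",
        "Reply URL (Assertion Consumer Service URL)": f"{base}/remote_auth/complete_login/",
        "Logout Url": f"{base}/remote_auth/complete_logout/",
    }


def check_sp_urls(cpm_address, azure_basic):
    """List every Azure value that differs from what N2WS expects (troubleshooting issue 1)."""
    return [
        f"{name}: Azure has {azure_basic.get(name)!r}, N2WS expects {expected!r}"
        for name, expected in expected_sp_urls(cpm_address).items()
        if azure_basic.get(name) != expected
    ]


def run_checks(assertion_xml=SAMPLE_ASSERTION, cpm_address="cpm.example.com",
               azure_basic=AZURE_BASIC, cpm_groups=CPM_GROUPS):
    """Run all checks; claim and group problems are collected under 'errors' instead of raising."""
    name_id, attrs = parse_assertion(assertion_xml)
    result = {"user": name_id, "group": None, "errors": check_sp_urls(cpm_address, azure_basic)}
    try:
        result["group"] = resolve_cpm_group(groups_from_claim(attrs), cpm_groups)
    except ValueError as exc:
        result["errors"].append(str(exc))
    return result


if __name__ == "__main__":
    for label, xml in (("good", SAMPLE_ASSERTION), ("bad claim case", BAD_CASE_ASSERTION)):
        print(label, run_checks(xml))
```

To use it against your own setup, replace the constructed constants with the values from your Azure Basic SAML Configuration, your N2WS "CPM IP or DNS" setting and your N2WS group names; a captured assertion (for example from the browser's SAML tracer after signature verification) can be passed to run_checks in place of SAMPLE_ASSERTION. An empty "errors" list and a non-empty "group" mean the assertion would map to exactly one N2WS group and the Azure URLs agree with the N2WS address.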
Thanks for reading this guide,
N2WS Support Team.