This how-to guide provides details about the configuration required to integrate N2WS Backup & Recovery 3.0.x/3.1.x with Azure Active Directory SSO.
It shows an example of how to create and configure an Enterprise application in Azure and which settings are required in N2WS Backup & Recovery.
- Please check the following link to see whether IdP integration is supported for your version: pricing & feature
- For additional information about IdP integration, read our user guide: Link: Documentation
To get the integration working correctly, you must complete the following steps:
- Create an enterprise app in Azure AD
- Configure claims in Azure AD
- Configure IdP in N2WS Backup & Recovery
- Create a group in N2WS Backup & Recovery
- Upload certificate to N2WS Backup & Recovery
Please see below configuration and troubleshooting sections.
For this guide I have created a test Azure AD account and one user and group in it.
1. First, we will start with the configuration on the Azure AD side.
You first need users and a group. Once you have a user/group, the next step is to create an "Enterprise application" (you should see the link to create one at the bottom).
2. Next select “Non-gallery application” and insert a name
3. Now click on "Assign a user"
4. Add your user
5. Now that we have assigned a user, go back to overview and then click on “Set up a single sign on” -> SAML
6. You will reach the setup page, which has multiple sections. Fill in the parameters as follows:
Section 1: Basic SAML Configuration
Set the following configurations:
| Identifier (Entity ID) | https://<CPM_Address>/remote_auth/metadata |
| Reply URL (Assertion Consumer Service URL) | https://<CPM_Address>/remote_auth/complete_login/ |
Section 2: User Attributes & Claims
Add the following claims:
| Claim name | Example source attribute |
Note about groups: The claim "cpm_user_groups" should contain the names of the groups the user belongs to.
CPM receives this information from Azure, checks the content of cpm_user_groups and compares it to the groups configured in CPM.
If you configure cpm_user_groups = user.groups in Azure AD, Azure will populate the claim with the group IDs and not the group names!
In this scenario, you need to create a group in CPM whose name is the group ID in Azure.
For this group and configuration in Azure AD
There will be this group in CPM
Note: An IdP user logging onto N2WS can belong to only ONE N2WS group
Note: Claim names are case-sensitive; for example, 'cpm_user_groups' must be in lowercase.
Section 3: SAML Signing Certificate
Check that "Signing Algorithm" = SHA-256 and download the Certificate (Base64).
We will upload the certificate to N2WS Backup & Recovery later.
We will use this information for the N2WS Backup & Recovery configuration later.
7. Now switch to the N2WS Backup & Recovery console and log in as the Admin user.
8. Click on the cog icon -> open the "Identity provider" area.
9. Go to the Settings tab and set the following:
| CPM IP or DNS | This should point to the public IP or DNS |
| Entity ID | Copy from Azure SSO setup - section 4 |
| Sign in URL | Copy from Azure SSO setup - section 4 |
| Sign Out URL | Copy from Azure SSO setup - section 4 |
| X509 cert | Upload the certificate from Azure AD |
Notes: Use the IdP's login URL for both sign in and sign out. If you used DNS in the Azure settings, you need to be consistent and select DNS here.
10. Switch to Groups and create the groups for the users.
The name of the group should match the name that will be passed in the cpm_user_groups claim.
For this group in Azure (which the user is a member of):
I will create this group in CPM:
When you create the group, you select the user type for users in that group and the limitations/permissions.
For example, the group below will have users that are delegates of the Admin account.
1. Issue - application identifier was not found
Make sure the "CPM IP or DNS" in the N2WS config is set to the public IP and matches the URL in the Azure AD configuration.
2. Issue - redirected to logout
Claim names are case-sensitive - make sure it is cpm_user_groups and not Cpm_user_groups, for example.
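To check the group claim from the notes in Section 2 and from issue 2 above, you can decode the SAMLResponse captured from a test login and inspect it. The following is an added example, not N2WS code: it flags a wrong-case claim name, Azure group IDs sent where CPM expects names, and a user that maps to more than one CPM group. The function names, the group name backup-admins and the sample responses are constructed, and reading "only ONE N2WS group" as "exactly one claim value may match a CPM group" is an assumption.

```python
import base64
import re
import xml.etree.ElementTree as ET

SAML = "{urn:oasis:names:tc:SAML:2.0:assertion}"
CLAIM = "cpm_user_groups"  # exact, lowercase claim name from this guide
GUID = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)

def group_claim_findings(saml_response_b64, cpm_groups):
    """List problems with the group claim in a captured SAMLResponse.

    Diagnostic only: the signature is not verified, so run this on a
    response captured from your own test login, never for access decisions.
    """
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    attrs = {a.get("Name"): [v.text or "" for v in a.iter(SAML + "AttributeValue")]
             for a in root.iter(SAML + "Attribute")}
    if CLAIM not in attrs:
        wrong_case = [n for n in attrs if n and n.lower() == CLAIM]
        if wrong_case:
            return [f"claim is named {wrong_case[0]!r}; it must be exactly {CLAIM!r}"]
        return [f"claim {CLAIM!r} is missing from the assertion"]
    values = attrs[CLAIM]
    matched = [v for v in values if v in cpm_groups]
    findings = []
    if not matched:
        if values and all(GUID.match(v) for v in values):
            findings.append("claim carries Azure group IDs (user.groups); "
                            "name the CPM group after the group ID")
        else:
            findings.append(f"no CPM group matches claim values {values}")
    elif len(matched) > 1:  # assumption: one user may map to only one CPM group
        findings.append(f"user maps to {len(matched)} CPM groups {matched}; only one is allowed")
    return findings

def sample_response(name, *groups):
    """Build a constructed, unsigned SAMLResponse (not a real Azure one)."""
    vals = "".join(f"<AttributeValue>{g}</AttributeValue>" for g in groups)
    xml = ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">'
           '<Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion">'
           f'<AttributeStatement><Attribute Name="{name}">{vals}</Attribute>'
           '</AttributeStatement></Assertion></samlp:Response>')
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    print(group_claim_findings(sample_response("Cpm_user_groups", "backup-admins"),
                               {"backup-admins"}))
```

An empty list means the claim name is correct and exactly one of its values matches a group configured in CPM.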
Thanks for reading this guide,
N2WS Support Team.