Azure AD settings

Configure settings to use AzureAD SAML2.0 authentication for logging in to the ovice account.

If you have already set up and want to set common SAML authentication for multiple spaces in a hierarchical structure (building), please refer to the following.
Hierarchical Structure (Building) SAML Authentication Settings

 

Advance Preparation

1. Make sure you have the required permissions for the settings

  • Assigning the role of "Application Administrator" in AzureAD
  • ovice administrator privileges

2. On the ovice management screen, click "Space Settings" → "Access Permissions" → "Email Authentication" under Allow access as a member.

3. Select the "SSO Authentication" tab

Screenshot 2023-10-11 at 11.13.23 PM.png

4. Click the + button of "Register SAML authentication"

5. Enter any name in Idp name

This name will be displayed on the login screen.

Screenshot_2023-03-24_at_2.13.05_PM.png

6. Enter "." (or appropriate character string) for Entity ID, IdP Login URL, IdP Logout URL, and IdP x509 Certificate.

* These will set the correct input values ​​later.

Screenshot 2023-10-11 at 11.16.21 PM.png

7. Choose where to redirect

Select the screen each user is redirected to when they log in.

Space Redirect into space
Lobby

Redirect to lobby screen (space list)

 

8. Click "Save"

9. Click Saved SAML Settings

Screenshot 2023-10-11 at 11.18.22 PM.png

Do not close the ovice setting screen in this state.

 

Azure AD Settings

1. Access https://portal.azure.com/#home

2. Click “Microsoft Entra ID”

Screenshot 2023-10-11 at 10.58.18 PM.png

3. Click "Enterprise Applications"

4. Click "New Application"

Screenshot 2023-10-11 at 11.01.42 PM.png

5. Click "Create Your Own Application"

Screenshot 2023-10-11 at 11.03.35 PM.png

6. Enter any name for "What is the name of your app?" and click "Create"

*There is no need to change other selection items on this screen.

7. Click “Single Sign-On” → “SAML” in the side menu

8. Click Edit for Basic SAML Configuration

Screenshot 2023-10-11 at 11.07.02 PM.png

9. Click "Add Identifier" and "Add Reply URL" to display the respective input areas.

10. Copy and paste the items displayed on the ovice screen prepared in advance to the AzureAD side

ovice Setting Screen (copy source) AzureAD Setting Screen (paste destination)
Identifier Identifier (Entity ID)
Reply URL Response URL (Assertion Consumer Service URL)
Login URL Sign-on URL (optional)

Screenshot 2023-10-11 at 11.30.09 PM.png

*In the above image, the ovice setting screen is on the left, and the AzureAD setting screen is on the right.

 

11. Click Save and close the basic SAML configuration with the X button

Screenshot 2023-10-11 at 11.34.27 PM.png

 

12. Click “Users and Groups” → “Add User or Group” in the side menu.

Screenshot 2023-10-11 at 11.37.13 PM.png

13. Click None Selected for the user

14. Select any user and click Select

15. Click Assign

Screenshot 2023-10-11 at 11.38.27 PM.png

16. Click "Single Sign-On" on the side menu → "Download" of SAML certificate

Screenshot 2023-10-11 at 11.42.59 PM.png

17. Check the item "○○ (any name) setup"

Screenshot 2023-10-11 at 11.43.43 PM.png

Do not close the AzureAD setting screen in this state.

 

ovice Settings

1. Click "Edit" for the SAML created on the ovice side in preparation

Screenshot 2023-10-11 at 11.46.25 PM.png

2. Copy and paste each item on the screen opened in step 17 of AzureAD settings to ovice side

AzureAD setting screen (copy source) ovice setting screen (paste destination)
Login URL IdP login URL
Azure AD identifier entity ID
Logout URL IdP logout URL

 

Screen_Shot_2023-03-28_at_11.39.30_AM.png

*In the above image, the left side is the AzureAD setting screen, and the right side is the ovice setting screen.

3. Configure AzureAD Open the data downloaded in step 16 with a text editor app on your computer

4. Copy all and paste to IdP x509 certificate

*Please also include "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----".

5. Click "Save"

[Optional] How to add SAML authentication to permission settings

By combining access permission settings , it is possible to allow only users with SAML authentication to access the space.

6. Scroll down the screen and check the created SAML authentication setting in "Activate SSO authentication"

7. Click "Save"

 

Login Using AzureAD

Please try logging in below.
Log in with Space's unique SSO (SAML authentication, etc.)

 

When Login Using AzureAD Fails

Please check the following.

 

Set Common SAML Authentication for Hierarchical Structure (Building) Space

The set SAML authentication will be used in other spaces in the building.

Azure AD settings

1. Click "Edit" for Basic SAML Configuration

Screenshot 2023-10-11 at 11.56.57 PM.png

2. Click "Add Identifier" and "Add Reply URL" to display the respective input areas.

3. Copy and paste the character string of each first line to the second line

Screenshot 2023-10-11 at 11.22.36 PM.png

4. Change the 〇〇 part of "https://〇〇.ovice.in/saml2/xxx..." in the identifier and response URL to the domain name of the newly set space

5. Repeat steps 2-4 for the number of floors in the building

6. Click Save and close the basic SAML configuration with the X button

Screenshot 2023-10-11 at 11.34.27 PM.png

 

ovice Settings

Set the citation settings for the spaces added in the AzureAD settings . Check the following for the setting method.
References to access restrictions on other floors

 

Was this article helpful?
0 out of 0 found this helpful

Articles in this section