Azure AD settings

Configure settings to use AzureAD SAML2.0 authentication for logging in to the ovice account.

If you have already set this up and want to set common SAML authentication for multiple spaces in a hierarchical structure (building), refer to the following.
Hierarchical Structure (Building) SAML Authentication Settings

Advance preparation

1. Make sure you have the required permissions for the settings

  • The "Application Administrator" role assigned in AzureAD
  • ovice administrator privileges

2. On the ovice management screen, click "Space Settings" → "Access Permissions" → "Email Authentication" under Allow access as a member.

3. Select the "SSO Authentication" tab

4. Click the + button of "Register SAML authentication"

5. Enter any name in IdP name

This name will be displayed on the login screen.

6. Enter "." (or appropriate character string) for Entity ID, IdP Login URL, IdP Logout URL, and IdP x509 Certificate.

* The correct values for these fields are entered later.

7. Choose where to redirect

Select the screen each user is redirected to when they log in.

  • space: Redirect into space
  • lobby: Redirect to lobby screen (space list)

8. Click "Save"

9. Click the saved SAML settings

Leave the ovice setting screen open in this state; do not close it.

Azure AD settings

1. Access https://portal.azure.com/#home

2. Click "Azure Active Directory"

3. Click "Enterprise Applications"

4. Click "New Application"

5. Click "Create Your Own Application"

6. Enter any name for "What is the name of your app?" and click "Create"

*There is no need to change other selection items on this screen.

7. Click “Single sign-on settings” → “SAML” in the side menu

8. Click Edit for Basic SAML Configuration

9. Click "Add Identifier" and "Add Reply URL" to display the respective input areas.

10. Copy and paste the items displayed on the ovice screen prepared in advance to the AzureAD side

ovice setting screen (copy source) | AzureAD setting screen (paste destination)
Identifier | Identifier (Entity ID)
Reply URL | Response URL (Assertion Consumer Service URL)
Login URL | Sign-on URL (optional)

Screen_Shot_2023-03-28_at_11.37.31_AM.png

*In the above image, the ovice setting screen is on the left, and the AzureAD setting screen is on the right.

11. Click Save and close the basic SAML configuration with the X button

12. Click “Users and Groups” → “Add User or Group” in the side menu.

13. Click "not selected" for the user

14. Select any user and click "Select"

15. Click "Assign"

16. Click "Single sign-on settings" in the side menu, then click "Download" for the SAML certificate

17. Check the items shown under "○○ (any name) setup"

Leave the AzureAD setting screen open in this state; do not close it.

ovice settings

1. Click "Edit" for the SAML created on the ovice side in preparation

2. Copy each item on the screen opened in step 17 of the AzureAD settings and paste it to the ovice side

AzureAD setting screen (copy source) | ovice setting screen (paste destination)
Login URL | IdP login URL
Azure AD identifier | Entity ID
Logout URL | IdP logout URL

Screen_Shot_2023-03-28_at_11.39.30_AM.png

*In the above image, the left side is the AzureAD setting screen, and the right side is the ovice setting screen.

3. Open the data downloaded in step 16 of the AzureAD settings with a text editor app on your computer

4. Copy the entire contents and paste them into IdP x509 Certificate

*Please also include "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----".

5. Click "Save"

[Optional] How to add SAML authentication to permission settings

By combining this with the access permission settings, it is possible to allow only users with SAML authentication to access the space.

6. Scroll down the screen and check the created SAML authentication setting in "Activate SSO authentication"

7. Click "Save"
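
A check that can be run on the downloaded file before pasting it in step 4, added here as an example and not part of ovice's or Microsoft's tooling. It confirms that the text is exactly one complete certificate block with both marker lines and returns its SHA-1 thumbprint for comparison with the thumbprint Azure AD lists for the signing certificate. The sample bytes are constructed stand-ins, not a real certificate.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.*?)\s*-----END CERTIFICATE-----", re.S)

def to_pem(der):
    """Wrap DER bytes in the BEGIN/END lines the ovice field expects."""
    body = base64.encodebytes(der).decode().strip()
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"

def der_sequence_is_complete(der):
    """True if the bytes are exactly one DER SEQUENCE (a certificate's outer shell)."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    if der[1] < 0x80:                      # short-form length
        header, length = 2, der[1]
    else:                                  # long-form length in the next n bytes
        n = der[1] & 0x7F
        if n == 0 or len(der) < 2 + n:
            return False
        header, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    return header + length == len(der)

def check_idp_certificate(text):
    """Return (problems, sha1_thumbprint) for text about to be pasted."""
    stripped = text.strip()
    blocks = PEM_RE.findall(stripped)
    if len(blocks) != 1:
        return [f"expected one BEGIN/END CERTIFICATE block, found {len(blocks)}"], None
    problems = []
    if not (stripped.startswith("-----BEGIN CERTIFICATE-----")
            and stripped.endswith("-----END CERTIFICATE-----")):
        problems.append("extra text outside the BEGIN/END lines")
    try:
        der = base64.b64decode("".join(blocks[0].split()), validate=True)
    except ValueError:
        return problems + ["body between the markers is not valid Base64"], None
    if not der_sequence_is_complete(der):
        problems.append("decoded data is not one complete DER structure (truncated copy?)")
    return problems, hashlib.sha1(der).hexdigest().upper()

# Constructed stand-in bytes (a tiny DER SEQUENCE), NOT a real certificate.
SAMPLE_DER = bytes([0x30, 0x06, 0x02, 0x01, 0x01, 0x02, 0x01, 0x02])

if __name__ == "__main__":
    print(check_idp_certificate(to_pem(SAMPLE_DER)))
```

An empty problem list means the text has the shape the IdP x509 Certificate field expects; it does not validate the certificate's contents or expiry.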

 

Login using AzureAD

Try logging in by following the article below.
Log in with Space's unique SSO (SAML authentication, etc.)

When login using AzureAD fails

Please check the following.

Set common SAML authentication for hierarchical structure (building) space

The SAML authentication configured above will also be used in the other spaces in the building.

Azure AD settings

1. Click "Edit" for Basic SAML Configuration

2. Click "Add Identifier" and "Add Reply URL" to display the respective input areas.

3. Copy the character string on the first line of each field and paste it into the second line

4. Change the 〇〇 part of "https://〇〇.ovice.in/saml2/xxx..." in the identifier and response URL to the domain name of the newly set space

5. Repeat steps 2-4 for the number of floors in the building

6. Click Save and close the basic SAML configuration with the X button
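
Steps 3 to 5 are a manual find-and-replace on URLs that decide where Azure AD delivers sign-in responses, so a typing slip matters. The sketch below, an added example and not ovice tooling, derives each floor's identifier and response URL from the first floor's values and rejects anything that would change more than the leading host label. The space names and the `PLACEHOLDER-…` path segments are assumptions standing in for the part the page elides as "xxx...".

```python
import re
from urllib.parse import urlsplit, urlunsplit

SUFFIX = ".ovice.in"
LABEL_RE = re.compile(r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?")  # one DNS label

def floor_url(first_floor_url, space_name):
    """Return first_floor_url with only its leading host label replaced."""
    parts = urlsplit(first_floor_url)
    host = parts.hostname or ""
    # netloc must equal the bare lowercase host: no port, no userinfo.
    if (parts.scheme != "https" or parts.netloc != host
            or not host.endswith(SUFFIX)
            or not LABEL_RE.fullmatch(host[:-len(SUFFIX)])):
        raise ValueError(f"not an https://<space>.ovice.in URL: {first_floor_url!r}")
    if not parts.path.startswith("/saml2/"):
        raise ValueError(f"not a /saml2/ URL: {first_floor_url!r}")
    name = space_name.strip().lower()
    if not LABEL_RE.fullmatch(name):
        raise ValueError(f"space name must be a single DNS label: {space_name!r}")
    return urlunsplit(("https", name + SUFFIX, parts.path, parts.query, parts.fragment))

def building_entries(identifier, reply_url, space_names):
    """One (identifier, response URL) pair per additional floor."""
    return [(floor_url(identifier, n), floor_url(reply_url, n)) for n in space_names]

# Constructed sample values; the path after /saml2/ is a placeholder.
FIRST_IDENTIFIER = "https://floor1.ovice.in/saml2/PLACEHOLDER-IDENTIFIER"
FIRST_REPLY_URL = "https://floor1.ovice.in/saml2/PLACEHOLDER-REPLY"

if __name__ == "__main__":
    for ident, reply in building_entries(FIRST_IDENTIFIER, FIRST_REPLY_URL,
                                         ["floor2", "floor3"]):
        print(ident, reply, sep="\n")
```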


ovice settings

Configure the reference settings for the spaces added in the AzureAD settings. See the following for how to set them.
References to access restrictions on other floors
