Setting up Azure AD

Set up Azure AD SAML 2.0 authentication to log in to your ovice account.

If you have already set up SAML authentication for multiple spaces in a hierarchical structure (building), please refer to the following:
SAML authentication settings for a hierarchical structure (building)

Advance Preparation

1. Make sure you have the necessary permissions to set it up

  • Azure AD "Application Administrator" role
  • ovice admin privileges

2. Click the three dots in the space header and select the "Space" tab.
*If you are not the organization owner, there is no need to select a tab.

3. Go to "Space Settings" → "Space Access Settings" → "Member Whitelist Rules" and click "Email Account Authentication"

4. Select the "SSO" tab

5. Click the + button next to "SAML Authentication Setup"

6. Enter any name in the IdP name field.

This name will appear on the space URL login screen.

7. Enter "." (or an appropriate string) for each of the Entity ID, IdP Login URL, IdP Logout URL, and IdP x509 cert.

*The correct input values will be set later.

8. Select the redirect destination

Select the screen each user will be redirected to when they log in.

  • space: Redirect into space
  • lobby: Redirect to the lobby screen (space list)

9. Click "Save"

10. Click on the SAML settings you saved

Do not close the ovice settings screen in this state.

Azure AD configuration

1. Access https://portal.azure.com/#home

2. Click "Microsoft Entra ID"

3. Click on "Enterprise Applications"

4. Click "New Application"

5. Click "Create your own application"

6. Enter a name for your app in response to "What is the name of your app?" and click "Create."

There is no need to change any other options on this screen.

7. Click "Single Sign-On" → "SAML" in the side menu.

8. Click "Edit" for Basic SAML Configuration

9. Click "Add Identifier" and "Add Response URL" to display the input area for each.

10. Copy the items displayed on the ovice settings screen that you prepared in advance and paste them into the Azure AD screen.

ovice setting screen (copy source) | AzureAD settings screen (paste destination)
Identifier | Identifier (Entity ID)
Reply URL | Response URL (Assertion Consumer Service URL)
Login URL | Sign-on URL (optional)

[Screenshot: the ovice screen is on the left and the AzureAD screen is on the right.]

11. Click "Save" and close the Basic SAML Configuration with the X button

12. Click "Users and Groups" on the side menu → "Add User or Group"

13. Click on "Not Selected" for the user

14. Select a user and click "Select"

15. Click "Assign"

16. Click "Single Sign-On" on the side menu → "Download" for SAML Certificate

17. Check the item "Set up XX (any name)"

Do not close the Azure AD settings screen in this state.

ovice Settings

1. Click "Edit" for the SAML created on the ovice side in advance preparation.

2. Copy and paste each item on the screen that opens in step 17 of the AzureAD settings to the ovice side.

AzureAD settings screen (copy source) | ovice setting screen (paste destination)
Login URL | IdP Login URL
Microsoft Entra Identifier | Entity ID
Logout URL | IdP Logout URL

[Screenshot: the AzureAD screen is on the left and the ovice screen is on the right.]

3. Open the data downloaded in step 16 of the Azure AD settings in a text editor on your computer.

*For Mac, right-click the certificate file and select "Open with other application" to open it with the "TextEdit" app.

4. Copy the entire certificate and paste it into the IdP x509 cert field

*Please include "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----".

5. Click "Save"

[Optional] How to add SAML authentication to permission settings

By combining the publishing and Space Access Settings, you can allow only users who have authenticated with SAML to access the space.

6. Scroll down the screen and check the SAML authentication settings you created under "Activate SSO authentication".

7. Click "Save"
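
A pre-save check for the four IdP fields filled in above, as an added example that is not part of the original article or ovice's own tooling: it flags leftover "." placeholders, non-https URLs, and a certificate pasted without its BEGIN/END lines or with lines lost in the copy. The function names, the https requirement, the DER length assumption and the example.com values are assumptions made for this illustration.

```python
import base64
import re
from urllib.parse import urlsplit

FIELDS = ("Entity ID", "IdP Login URL", "IdP Logout URL", "IdP x509 cert")
PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----\s+([A-Za-z0-9+/=\s]+?)"
                    r"\s*-----END CERTIFICATE-----")

def pem_to_der(pem):
    """Decode one pasted PEM certificate to DER bytes, or raise ValueError."""
    blocks = PEM_RE.findall(pem)
    if len(blocks) != 1 or PEM_RE.search(pem).group(0) != pem.strip():
        raise ValueError("need exactly one BEGIN/END CERTIFICATE block, nothing else")
    der = base64.b64decode("".join(blocks[0].split()), validate=True)
    # Assumption: the certificate is 256..65535 bytes, so DER starts 0x30 0x82
    # followed by a 2-byte length that must cover the rest (catches lost lines).
    if der[:2] != b"\x30\x82" or int.from_bytes(der[2:4], "big") != len(der) - 4:
        raise ValueError("decoded data is not a complete DER structure")
    return der

def check_idp_settings(settings):
    """Return a list of problems in the four IdP fields (empty list = OK)."""
    problems = []
    for field in FIELDS:
        value = settings.get(field, "").strip()
        if value in ("", "."):  # "." is the placeholder from advance preparation
            problems.append(f"{field}: still empty or placeholder")
        elif field.endswith("URL"):
            url = urlsplit(value)
            if url.scheme != "https" or not url.hostname:
                problems.append(f"{field}: not an https URL")
        elif field == "IdP x509 cert":
            try:
                pem_to_der(value)
            except ValueError as exc:
                problems.append(f"{field}: {exc}")
    return problems

# Constructed sample data: a DER header plus 300 zero bytes, NOT a real certificate.
SAMPLE_DER = b"\x30\x82\x01\x2c" + bytes(300)
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(SAMPLE_DER).decode()
              + "-----END CERTIFICATE-----\n")
SAMPLE = {"Entity ID": "https://idp.example.com/entity",
          "IdP Login URL": "https://idp.example.com/saml2",
          "IdP Logout URL": "https://idp.example.com/saml2",
          "IdP x509 cert": SAMPLE_PEM}

if __name__ == "__main__":
    print(check_idp_settings(SAMPLE) or "no problems found")
```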

Log in using Azure AD

Please refer to the following and try logging in.
Log in with the space's own SSO (SAML authentication, etc.)

If you fail to log in using Azure AD

Please check the following:

Set up common SAML authentication for spaces in a hierarchical structure (building)

To use the SAML authentication you set in other spaces in the building, use the quotation setting. See below for the setting method.
Inheritance Settings

Once the setup is complete, the same SAML authentication login button will be displayed on the login screen of the cited space.
