SevOne SAML Single Sign-On Setup Guide
3 Configure SAML using Azure Active Directory Single Sign-On Setup
3.1 Prerequisite
• Azure Active Directory (AD) subscription. If you do not have a subscription, you may obtain a free account.
• Azure Active Directory (AD) Security Assertion Markup Language (SAML) Toolkit Single Sign-On (SSO) enabled subscription.
• IP address of the SevOne NMS Cluster Leader.
3.2 Create / Configure Azure Active Directory Single Sign-On application
1. Log in to the Azure portal.
2. Navigate to Azure Active Directory under Azure Services.
3. Click the Add button to add an Enterprise application.
4. Click the Create your own application button.
   a. Enter the application name.
   b. Select Integrate any other application you don't find in the gallery, i.e., Non-gallery.
5. From the left navigation bar, under Manage, click Users and groups.
6. Click Add user/group, and select the Azure users and groups to have access to Single Sign-On.
7. Click Assign after users and groups have been added.
8. From the left navigation bar, under Manage, click Single sign-on.
9. Select SAML as the single sign-on method.
10. Click in section Basic SAML Configuration to edit.
   a. Change Identifier (Entity ID) to https://<Cluster Leader IP address>/sso/callback where <Cluster Leader IP address> is the IP address of your SevOne NMS cluster leader.
   b. Change Reply URL (Assertion Consumer Service URL) to https://<Cluster Leader IP address>/sso/callback where <Cluster Leader IP address> is the IP address of your SevOne NMS cluster leader.
11. Click Save followed by to close.
Please refer to https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/saml-toolkit-tutorial for details.
IMPORTANT: Upgrade / Install SevOne NMS
To use the Single Sign-On feature, you must be on SevOne NMS 5.7.2.15 or a higher version.
For now, create your own Azure Active Directory single sign-on application. In the future, this will change so that the user can use the existing gallery application supporting SAML SSO.
Your account must be an Azure subscription administrator / owner.
If the button is unavailable, your account may not have the correct permissions.
Here, you will determine which Azure users to provide access to Single Sign-On.
You are now on the SAML-based sign-on page.
To go back, click Single sign-on under Manage in the left navigation bar.
This field is used for IDP-initiated SSO, so it will not be used, but is required for application setup.
If you get a pop-up asking if you want to test the app, decline it for now.
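The Identifier (Entity ID) and Reply URL entered under Basic SAML Configuration appear in the SAML response as the Audience and as the Destination / Recipient. The following added example (not part of the SevOne guide or SevOne's own code) compares those fields in a decoded response against https://<Cluster Leader IP address>/sso/callback. The function names, the 192.0.2.10 address and the sample response are constructed for illustration, and the response is assumed to be already base64-decoded.

```python
import ipaddress
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def callback_url(cluster_leader_ip):
    """Build https://<Cluster Leader IP address>/sso/callback; raises ValueError if not an IP."""
    ip = ipaddress.ip_address(cluster_leader_ip)
    host = f"[{ip}]" if ip.version == 6 else str(ip)  # IPv6 literals need brackets in URLs
    return f"https://{host}/sso/callback"

def check_response(xml_text, cluster_leader_ip):
    """Compare a decoded SAML response with the configured values; return the mismatches.
    Field comparison only: this does not verify the XML signature."""
    expected = callback_url(cluster_leader_ip)
    root = ET.fromstring(xml_text)
    problems = []
    # Reply URL (ACS URL) shows up as Response/@Destination and as the Recipient.
    if root.get("Destination") != expected:
        problems.append("Destination does not match Reply URL")
    recipients = [d.get("Recipient") for d in root.iterfind(".//saml:SubjectConfirmationData", NS)]
    if expected not in recipients:
        problems.append("Recipient does not match Reply URL")
    # Identifier (Entity ID) shows up as the assertion's Audience.
    audiences = [(a.text or "").strip() for a in root.iterfind(".//saml:Audience", NS)]
    if expected not in audiences:
        problems.append("Audience does not match Identifier (Entity ID)")
    return problems

def sample_response(audience, reply_url):
    """Constructed sample (not captured from a real tenant), unsigned, trimmed to the checked fields."""
    return f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
  ID="_constructed" Version="2.0" Destination="{reply_url}">
 <saml:Assertion ID="_a1" Version="2.0">
  <saml:Subject><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
   <saml:SubjectConfirmationData Recipient="{reply_url}"/>
  </saml:SubjectConfirmation></saml:Subject>
  <saml:Conditions><saml:AudienceRestriction>
   <saml:Audience>{audience}</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions>
 </saml:Assertion>
</samlp:Response>"""

if __name__ == "__main__":
    good = callback_url("192.0.2.10")  # 192.0.2.10 is a documentation address
    print(check_response(sample_response(good, good), "192.0.2.10"))
    # Trailing slash in the Identifier: the exact string comparison fails.
    print(check_response(sample_response(good + "/", good), "192.0.2.10"))
```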