How to configure SAML authentication with Microsoft Entra ID?

Zyxel_HsinBo Posts: 412  Zyxel Employee
edited January 3 in Other Topics

Download the Service Provider (SP) metadata file


The following document outlines the procedure for integrating the Self-Service Single Sign-On framework supported in Nebula with Microsoft Entra ID (formerly Azure Active Directory) through SAML, for both IdP-initiated and SP-initiated Single Sign-On. The metadata file contains all the callback URLs (where to send the successful/unsuccessful authentication responses) as well as the certificates to use when communicating between the trusted Service Provider (SP) and Identity Provider (IdP).

In this case, Nebula serves as the Service Provider (SP), while Microsoft Entra ID acts as the Identity Provider (IdP).


Let's create an SSID with Microsoft Entra ID (Azure AD) that will serve a Captive Portal and authenticate using SAML.

  1. Navigate to Site-wide > Configure > Access points > SSID advanced settings.
  2. Select the sign-in method and select Microsoft Entra ID (Azure AD) from the dropdown list.
  3. Click the Download Metadata XML link and save the downloaded metadata file. This will be used later in Microsoft Entra ID.

Configuring Microsoft Entra ID


Now that we have the required information from Nebula, we can start configuring our IdP. 

  1. Start by logging into your Azure account, and opening up Azure Active Directory.
  2. From the Entra ID Portal, navigate to Azure services and select Enterprise applications.
  3. From the Enterprise Applications, select New application > Create your own application.
  4. Create your own application.
  5. Provide the application name. Select Integrate any other application you don’t find in the gallery (Non-Gallery), then select Create.
  6. From the application Overview page, select Get Started in the Set up Single sign-on pane and select SAML.
  7. Choose SAML.
  8. In the Entra ID (Nebula-SAML-TEST) Enterprise Application SAML-based Sign-on page, select Upload metadata file and navigate to the saved exported file from Nebula.
  9. Click Add.
  10. Confirm that the imported data is correct; then save the configuration.
  11. From the Azure Enterprise Application, Section 3: SAML Certificates, download the Federation Metadata XML from Entra ID. It will be uploaded to Nebula later.
  12. Assign users and groups: from the new application Overview page, select Assign Users and Groups > Add user/group.
    Click on Assign users and groups.
  13. Add user/group.
  14. Select the user and assign.


Upload the Entra ID metadata file to Nebula


Finally, in Nebula, select Upload metadata file and choose the metadata file downloaded from Entra ID. The data is imported from the App Federation Metadata file.




Testing the Authentication


Enter the email address of the IdP account and complete the IdP login process. The browser is redirected to the Microsoft Login Portal.





HsinBo
