[Nebula 19.10] Microsoft Entra ID Integration Now Available on Zyxel Nebula

Zyxel_Lynn (Zyxel Employee)
edited August 22 in Other Topics

We’re excited to introduce the Microsoft Entra ID (formerly Azure Active Directory) integration for Zyxel’s Nebula Control Center (NCC). This feature enhances secure user access and simplifies identity management across your organization. Below, we walk you through everything IT technicians need to know to successfully integrate Microsoft Entra ID with the Zyxel platform.

What Is Microsoft Entra ID Sign-In?

Microsoft Entra ID enables single sign-on (SSO) using domain-based Microsoft credentials. Zyxel has now added “Continue with Microsoft Entra ID” as a sign-in option on its portals. This allows users to authenticate using their organization’s domain, rather than the traditional Zyxel username-password method.

Key Integration Requirements

To integrate Microsoft Entra ID with Zyxel, IT administrators will need:

(1) A Registered Domain:

Integration requires a custom company domain (e.g., yourcompany.com), not public domains like Gmail or Yahoo. Domains ending in zyxel.com, zyxel.com.tw, or public email services cannot be used for Entra integration.

(2) Email Server:

Used for account verification.

(3) Microsoft Entra Admin Center:

Where apps, users, and policies are configured.

(4) Zyxel Platform Account:

A Zyxel account created using your custom domain.

Domain-Wide Sign-In Method Switch

When Entra is integrated, all users sharing that domain (e.g. yourcompany.com) will switch from the Zyxel login method to Microsoft Entra ID. After that, their previous Zyxel login credentials will be invalid and login access becomes tied to Microsoft credentials.

Step-by-Step Integration Guide

Step 1: Enable Entra Integration on Zyxel

First, navigate to the Managed Account page. If your account uses a valid custom domain, you will see the Microsoft Entra ID Settings section. Download the Zyxel metadata XML file.

Step 2: Configure in Microsoft Entra Admin Center

Second, go to Enterprise Applications. Click + New Application > “Create your own application”. Name it (e.g., Zyxel SSO Test), choose Integrate any other application, and create it. Select Single Sign-On > SAML, and then upload the Zyxel metadata XML file.

Step 3: Upload Entra Metadata to Zyxel

In Zyxel’s Entra ID Settings, upload the federation metadata XML file from Entra. This completes the SAML configuration.

Step 4: Verify and Deploy

Click Verify in Zyxel to trigger Microsoft login and receive a deployment code. Enter the code in Zyxel to finalize the configuration. Status will change to Working, indicating successful integration.
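
Steps 1 to 3 exchange two SAML metadata files, and uploading the wrong file on one side is an easy mistake. The following is an added example, not Zyxel or Microsoft code: a pre-upload check that a metadata file carries the descriptor, endpoints and signing certificate expected for its side. It assumes both files are standard SAML 2.0 metadata; the function name, hosts and certificate text are constructed placeholders.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD, "ds": "http://www.w3.org/2000/09/xmldsig#"}
# Descriptor and endpoint element expected for each side of the exchange.
ROLES = {"SP": ("SPSSODescriptor", "AssertionConsumerService"),
         "IdP": ("IDPSSODescriptor", "SingleSignOnService")}

def check_metadata(xml_text, expected_role):
    """Return a list of problems found in a SAML 2.0 metadata document."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{MD}}}EntityDescriptor":
        return ["root element is not a SAML 2.0 EntityDescriptor"]
    problems = [] if root.get("entityID") else ["missing entityID"]
    desc_name, endpoint_name = ROLES[expected_role]
    desc = root.find(f"md:{desc_name}", NS)
    if desc is None:
        return problems + [f"no {desc_name}: wrong file for the {expected_role} side"]
    urls = [e.get("Location", "") for e in desc.findall(f"md:{endpoint_name}", NS)]
    if not urls:
        problems.append(f"no {endpoint_name} endpoint")
    problems += [f"endpoint is not HTTPS: {u}" for u in urls if not u.startswith("https://")]
    # A KeyDescriptor without a 'use' attribute is valid for signing as well.
    signing = [k for k in desc.findall("md:KeyDescriptor", NS)
               if k.get("use", "signing") == "signing"
               and k.find(".//ds:X509Certificate", NS) is not None]
    if expected_role == "IdP" and not signing:
        problems.append("IdP metadata carries no signing certificate")
    return problems

# Constructed samples: placeholder hosts, dummy certificate text, and a
# deliberately non-HTTPS endpoint in the IdP sample to show a finding.
SAMPLE_SP = f"""<EntityDescriptor xmlns="{MD}" entityID="https://sp.example.invalid/saml">
  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <AssertionConsumerService index="0" Location="https://sp.example.invalid/acs"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
  </SPSSODescriptor>
</EntityDescriptor>"""
SAMPLE_IDP = f"""<EntityDescriptor xmlns="{MD}" entityID="https://idp.example.invalid/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing"><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
      <X509Data><X509Certificate>Q09OU1RSVUNURUQ=</X509Certificate></X509Data>
    </KeyInfo></KeyDescriptor>
    <SingleSignOnService Location="http://idp.example.invalid/sso"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""

if __name__ == "__main__":
    print(check_metadata(SAMPLE_SP, "SP"))
    print(check_metadata(SAMPLE_IDP, "IdP"))
```

Run it with "SP" against the file downloaded in Step 1 and with "IdP" against the federation metadata from Entra; an empty list means none of these checks failed.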

Managing Application Users

In the Entra Admin Center, go to the application > Assign Users and Groups. Add each employee who should have access. Only assigned users will be allowed to log in.

First-Time Login Experience

When users sign in via “Continue with Microsoft Entra ID”, they must enter their domain and Microsoft credentials. On first login, they’ll set a new password and configure multi-factor authentication (MFA) using the Microsoft Authenticator app.

Troubleshooting and Special Cases

(1) Integrator Account:

Only the original Integrator (admin who completed the setup) can reconfigure or edit the Entra ID settings in Zyxel. If the Entra app is deleted or fails, even the Integrator won’t be able to log in via SSO.

(2) Emergency Sign-In:

Zyxel provides a recovery method. The Integrator can request a special login link via the “Forgot Password” option. This bypasses SSO, allowing them to access their account and fix the configuration.

(3) Lost Integrator Access?

If the Integrator leaves the company or loses access, contact Zyxel HQ. Provide the original Integrator’s identity to verify the request. HQ will reassign Integrator privileges to a new account.

Email Notifications

Users and Integrators will receive automated emails showing ‘Confirming successful integration’, which inform them of the switch to Microsoft Entra ID. These emails guide users who attempt to log in using the old Zyxel method.

To sum up, the Microsoft Entra ID integration greatly strengthens security and centralizes user management. However, IT technicians must carefully manage the integration and user assignment to avoid access issues. We highly recommend testing with a POC setup before deploying widely.