Enable Azure Active Directory SSO for OpenVPN Cloud

This is the third post in the OpenVPN Cloud series aimed at lab use. In the previous post we created user accounts in the portal. In this step we are going to enable SSO with Azure so we don’t have to create users manually in the OVPN portal.

1) Log on to OpenVPN Cloud by browsing to your portal URL. This is set to “YourOpenVPNID.openvpn.com”. Log in with the account you signed up with (the owner account).

2) Go to the Settings section, click on the User Authentication tab, and click Edit in the top right corner.

Click on the Configure button under the SAML option.

This will open a new window with the SAML configuration details. Keep this window open as you’ll need these details to set up SSO in Azure.

Now to create an enterprise application in Azure.

3) Log on to Azure Active Directory and create a group containing the members you want to have access to OpenVPN Cloud.

4) Back in Azure AD, click on the “Enterprise applications” blade on the left.

Click on New Application.

And then click on Create your own application.

5) Give your app a name and choose the option “Integrate any other application you don’t find in the gallery (Non-gallery)”.

Click Create.

6) Under Getting Started, click on “Assign users and groups” and add the group of users you created earlier.

7) Click on “Set up single sign on” on the left and then click on SAML.

8) Click on Edit next to Basic SAML Configuration.

9) Refer back to the SAML details provided in the window opened in the OpenVPN Cloud portal and enter the following details.

For Identifier enter the Issuer name.

For Reply URL enter the SSO URL provided.

10) Scroll down to SAML Signing Certificate and copy the App Federation Metadata URL. You’ll need this in a bit.

11) Now, back on the OpenVPN Cloud page with the SAML details, click on Next.

12) Enter a name for the identity provider and paste in the App Federation Metadata URL from the SAML Signing Certificate section of the enterprise app in Azure.

Click Next and Finish.

13) Head back into Settings, click on User Authentication, and click on Edit in the top right.

Select SAML, click on the Update button, and then Confirm.

That’s it. The next time you browse to your OpenVPN Cloud portal URL you will see a Sign in button, which will redirect you to the Azure sign-in screen.
