Azure Virtual Network, VPN and Azure Virtual Desktop Setup

I recently had to completely rebuild my home lab and this time decided to extend it into Azure as well. I wanted to take a moment to document what my lab in Azure currently looks like.

It’s not an extensive setup: only a virtual network, a site-to-site VPN connection with my home lab, and the Azure Virtual Desktop side of things. I’ve built, torn down and rebuilt the AVD host pools several times and will continue to do so.

Since all my resources in Azure are currently in one Resource Group the ‘Resource visualizer’ is perfect for this:

[Image: Resource visualizer view of the resource group]

Of course, this doesn’t show my Intune and AutoPilot policies and profiles, which I will document separately.

My lab at home is a super simple setup with an AD DC which has DNS, DHCP, RRAS and CA, and a ConfigMgr/SCCM primary site. I also have a separate RRAS server with OpenVPN Cloud connector to simulate WAN/off-site access, which is primarily used to test AutoPilot with AAD Join and domain access using WHfB.

Enable Azure Active Directory SSO for OpenVPN Cloud

This is the third post in the OpenVPN Cloud series aimed at lab use. In the previous post we created user accounts in the portal but in this step we are going to enable SSO with Azure so we don’t have to create users manually in the OVPN portal.

1) Log onto the OpenVPN Cloud by browsing to your portal URL. This is set to “YourOpenVPNID.openvpn.com”. Log in with the account you signed up with (owner account).

2) Go to the Settings section, click on the User Authentication tab, and click Edit in the top right corner.

Click on the Configure button under the SAML option.

This will open a new window with the SAML configuration details. Keep this window open as you’ll need these details to set up SSO in Azure.

Now to create an enterprise application in Azure.

3) Log onto Azure Active Directory and create a Group with members who you want to have access to OpenVPN Cloud.

4) Back on Azure AD, click on the “Enterprise applications” blade on the left.

Click on New Application.

And then click on Create your own application.

5) Give your app a name and choose the option “Integrate any other application you don’t find in the gallery (Non-gallery)”.

Click Create.

6) Under Getting Started, click on “Assign users and groups” and go ahead and add the group of users you created earlier.

7) Click on “Set up single sign on” on the left and then click on SAML.

8) Click on Edit next to Basic SAML Configuration.

9) Refer back to the SAML details provided in the window opened in the OpenVPN Cloud portal and enter the following details.

For Identifier enter the Issuer name.

For Reply URL enter the SSO URL provided.

10) Scroll down to SAML Signing Certificate and copy the App Federation Metadata URL. You’ll need this in a bit.

11) Now back on the OpenVPN Cloud page with the SAML details, click on Next.

12) Enter a name for the identity provider and paste in the App Federation Metadata URL from the SAML Signing Certificate section of the enterprise app in Azure.

Click Next and Finish.

13) Head back into Settings, click on User Authentication, and click on Edit in the top right.

Select SAML, click on the Update button and then Confirm.

That’s it. The next time you browse to your OpenVPN Cloud portal URL you will see a Sign in button which will redirect you to the Azure sign-in screen.
