This is the third post in the OpenVPN Cloud series aimed at lab use. In the previous post we created user accounts in the portal. In this step we are going to enable SSO with Azure so we don’t have to create users manually in the OVPN portal.
1) Log on to OpenVPN Cloud by browsing to your portal URL. This is set to “YourOpenVPNID.openvpn.com”. Log in with the account you signed up with (owner account).
2) Go to the Settings section, click on the User Authentication tab and then click Edit in the top right corner.
Click on the Configure button under the SAML option.
This will open a new window with the SAML configuration details. Keep this window open as you’ll need these details to set up SSO in Azure.
Now to create an enterprise application in Azure.
3) Log on to Azure Active Directory and create a Group containing the members you want to have access to OpenVPN Cloud.
4) Back in Azure AD, click on the “Enterprise applications” blade on the left.
Click on New Application.
Then click on Create your own application.
5) Give your app a name and choose the option “Integrate any other application you don’t find in the gallery (Non-gallery)”.
Click Create.
6) Under Getting Started click on “Assign users and groups” and go ahead and add the group of users you created earlier.
7) Click on “Set up single sign on” on the left and then click on SAML.
8) Click on Edit next to Basic SAML Configuration.
9) Refer back to the SAML details provided in the window opened in the OpenVPN Cloud portal and enter the following details.
For Identifier enter the Issuer name.
For Reply URL enter the SSO URL provided.
10) Scroll down to SAML Signing Certificate and copy the App Federation Metadata URL. You’ll need this in a bit.
11) Now back on the OpenVPN Cloud page with the SAML details, click on Next.
12) Enter a name for the identity provider and paste in the App Federation Metadata URL from the SAML Signing Certificate section of the enterprise app in Azure.
Click Next and Finish.
13) Head back into Settings, click on User Authentication and then click on Edit in the top right.
Select SAML, click on the Update button and then Confirm.
That’s it. The next time you browse to your OpenVPN Cloud portal URL you will see a Sign in button which will redirect you to the Azure sign in screen.