Enabling Azure AD Single-Sign-On

Before starting this task, ensure that you create an application registration. For details, see https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal. The user interface on Microsoft Azure is subject to change without notice.

Important:

You must first complete the following steps before enabling SSO.

Note:

If you want to enable SSO on more than one NAS, you must repeat all of these steps on each NAS.

  1. Go to Control Panel > Privilege > Domain Security > SSO.
  2. Select Enable Azure SSO Service.
  3. Specify Client ID.

    For details, visit https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal.

    Note:

    The Client ID is also known as an Application ID.

  4. Specify Tenant ID.

    For details, visit https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal.

  5. Specify Reply URLs.

    1. Sign in as an administrator at https://portal.azure.com/#home.

    2. Click Azure Active Directory, and then click App registrations > Your app > All settings > Reply URLS.

    3. Add :8080/cgi-bin to the end of the IP address.

    4. Copy and paste the URL into the Reply URLs field label on the NAS.

  6. Specify the Public key.
    Note:

    • The public key must be a PEM file.

    • You can convert a CA certificate to a public key using a Linux environment or an OpenSSL.

  7. Click Apply.
    Note:

    Your NAS login screen changes to include an Azure SSO login option.

Parent topic: Azure Active Directory Single Sign-On (SSO)