Prerequisites

For a Native deployment (without IPsec/GRE tunnel), be sure to add the following domains to the walled garden in your captive portal configuration:

  • *.microsoftonline.com

  • *.live.com

  • *.msftauth.net

  • *.microsoft.com

  • *.msauth.net

Configure Azure AD SSO

Add the Azure AD SAML Toolkit application

From Home, click on Enterprise applications

Click Add a new application, search for Azure AD SAML Toolkit, give it an explicit name and create it.

Configure Single Sign-On

Once the Azure AD SAML Toolkit application exists, open it, go to Single Sign-On and, on the Select a single sign-on method page, select SAML.

On the Set up Single Sign-On with SAML page

On the Basic SAML Configuration page, enter the values for the following fields:

  • Identifier (Entity ID) : Copy and paste the Cloudi-Fi Entity ID (Marked 2 on the image below)

  • Reply URL (Assertion Consumer Service URL) : Copy and paste the linkback URL (Marked 1 on the image below)

  • Sign on URL : https://login.cloudi-fi.net/

SAML Configuration on Cloudi-Fi (Settings > Auth modes)

On Cloudi-Fi Side

Go to Settings > Auth modes > SAML and enter the values for the following fields:

  • IdP EntityId : Azure AD Identifier (Marked 2)

  • Binding Method : Post

  • IdP Endpoint : Login URL (Marked 1)

  • Logout Binding Method (Optional) : Post

  • Logout Endpoint : Logout URL (Marked 3)

  • IdP Signing Certificate (x509 format) : Download the Base64 Certificate and paste its content here (without the "Begin Certificate" and "End certificate" markers)

  • Email Attribute name : Claim name corresponding to the Mail value (Marked 1)

  • Fullname Attribute (Optional) : Claim name corresponding to the Givenname value (Marked 2)
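The two settings above that are easiest to get wrong are the captive-portal walled garden (an Azure login host that is not allowed will simply never load the sign-in page) and the IdP Signing Certificate field, which expects the bare Base64 body. The following Python helper is an added example, not Cloudi-Fi's own code: it checks whether a host or URL is covered by the walled-garden entries from the Prerequisites, and normalizes a downloaded certificate into the form the field expects. The wildcard semantics (a leading "*." matches one or more DNS labels) and the sample certificate bytes are assumptions made for the example.

```python
import base64
import re
from urllib.parse import urlparse

# Walled-garden entries listed in the Prerequisites section.
WALLED_GARDEN = [
    "*.microsoftonline.com",
    "*.live.com",
    "*.msftauth.net",
    "*.microsoft.com",
    "*.msauth.net",
]


def host_allowed(host, patterns=WALLED_GARDEN):
    """True if `host` matches a walled-garden entry.
    Assumption: a leading '*.' matches one or more DNS labels (so the bare
    apex 'microsoftonline.com' is NOT matched); other entries match exactly."""
    host = host.lower().rstrip(".")
    for pat in patterns:
        pat = pat.lower()
        if pat.startswith("*."):
            suffix = pat[1:]  # e.g. ".microsoftonline.com"
            if host.endswith(suffix) and len(host) > len(suffix):
                return True
        elif host == pat:
            return True
    return False


def url_allowed(url, patterns=WALLED_GARDEN):
    """Check the host of a full URL (e.g. the Azure Login URL) against the garden."""
    host = urlparse(url).hostname
    return host is not None and host_allowed(host, patterns)


_PEM_MARKER = re.compile(r"-----(BEGIN|END) CERTIFICATE-----", re.IGNORECASE)


def normalize_idp_certificate(text):
    """Strip the BEGIN/END markers and all whitespace from a downloaded Base64
    certificate, as the IdP Signing Certificate field expects, and sanity-check
    that the result is valid Base64 whose first byte is a DER SEQUENCE tag
    (the outer tag of an X.509 certificate). Raises ValueError otherwise."""
    body = "".join(_PEM_MARKER.sub("", text).split())
    try:
        der = base64.b64decode(body, validate=True)  # binascii.Error is a ValueError
    except ValueError as exc:
        raise ValueError("certificate is not valid Base64") from exc
    if not der or der[0] != 0x30:
        raise ValueError("decoded data does not start with a DER SEQUENCE")
    return body
```

The SEQUENCE-tag check only catches a wrong paste (for example a PEM private key or a URL); it does not validate the certificate itself.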
