Prerequisites
For a native deployment (without an IPsec/GRE tunnel), add the following domains to the walled garden in your captive portal configuration:
*.microsoftonline.com
*.live.com
*.msftauth.net
*.microsoft.com
*.msauth.net
Configure Azure AD SSO
Add the Azure AD SAML Toolkit application
From Home, click Enterprise applications.
Add a new application, search for Azure AD SAML Toolkit, give it an explicit name, and create it.
Configure Single Sign-On
Once the Azure AD SAML Toolkit application exists, open it and go to Single Sign-On. On the Select a single sign-on method page, select SAML.
On the Set up Single Sign-On with SAML page
On the Basic SAML Configuration page, enter the values for the following fields:
Identifier (Entity ID): Copy and paste the Cloudi-Fi Entity ID (marked 2 on the image below)
Reply URL (Assertion Consumer Service URL): Copy and paste the linkback URL (marked 1 on the image below)
Sign on URL: https://login.cloudi-fi.net/
SAML Configuration on Cloudi-Fi (Settings > Auth modes)
On the Cloudi-Fi side
Go to Settings > Auth modes > SAML and enter the values for the following fields:
IdP EntityId: Azure AD Identifier (marked 2)
Binding Method: Post
IdP Endpoint: Login URL (marked 1)
Logout Binding Method (Optional): Post
Logout Endpoint: Logout URL (marked 3)
IdP Signing Certificate (x509 format): Download the Base64 certificate and paste its content here (without the "BEGIN CERTIFICATE" and "END CERTIFICATE" markers)
Email Attribute name: Claim name corresponding to the Mail value (marked 1)
Fullname Attribute (Optional): Claim name corresponding to the Givenname value (marked 2)
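The IdP Signing Certificate step above is where a truncated or wrong paste quietly breaks or weakens assertion validation, so the following added example (not Cloudi-Fi or Microsoft code) strips the markers from the downloaded Base64 file, checks that exactly one complete certificate remains, and prints a SHA-1 thumbprint to compare with the one your IdP shows for its signing certificate. The function names are hypothetical, the sample input is a constructed DER-shaped blob rather than a real certificate, and the thumbprint comparison assumes your IdP displays one.

```python
import base64
import hashlib
import re

PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)


def check_der_sequence(der):
    """Reject anything that is not one complete DER SEQUENCE (catches truncated pastes)."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE; is this really a certificate?")
    if der[1] < 0x80:                      # short-form length
        header, length = 2, der[1]
    else:                                  # long form: low 7 bits count the length bytes
        n = der[1] & 0x7F
        header, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    if der[1] == 0x80 or header + length != len(der):
        raise ValueError("certificate is truncated or has trailing data")


def pem_to_field_value(pem_text):
    """Return (marker-free Base64 body, SHA-1 thumbprint) for a PEM with exactly one cert."""
    if "PRIVATE KEY" in pem_text:
        raise ValueError("file contains a private key; do not paste it anywhere")
    blocks = PEM_CERT.findall(pem_text)
    if len(blocks) != 1:
        raise ValueError(f"expected exactly one certificate, found {len(blocks)}")
    body = "".join(blocks[0].split())            # drop line breaks and stray spaces
    der = base64.b64decode(body, validate=True)  # raises on non-Base64 characters
    check_der_sequence(der)
    return body, hashlib.sha1(der).hexdigest().upper()


def constructed_sample_pem():
    """Constructed stand-in: a DER-shaped blob of zero bytes, not a real certificate."""
    b64 = base64.b64encode(b"\x30\x82\x01\x00" + bytes(256)).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join(["-----BEGIN CERTIFICATE-----", *lines, "-----END CERTIFICATE-----"])


if __name__ == "__main__":
    value, thumbprint = pem_to_field_value(constructed_sample_pem())
    print("IdP Signing Certificate field:", value[:24] + "...")
    print("SHA-1 thumbprint to compare with the IdP:", thumbprint)
```

To use it on a real download, read the file's text and pass it to pem_to_field_value in place of the constructed sample.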