While implementing SSO (single sign on), we recommend opening 2 browser tabs. In one tab open and log into your nOps account, in the other open your OneLogin account. You will need to copy information from one application to the other in order to sync the information and to allow SSO access with OneLogin.
This topic is for Clients who log in using an Administrator Role. It assumes that you have nOps configured on your Azure AD portal.
To Set Up SSO on nOps
Login to nOps and navigate to Organizational Settings from the profile link.
Or as a Partner Admin role click on the SSO link.
From the Settings pane click the SSO option.
If you do not have SSO configured you will see a dialog to enable it
Click Enable SSO to go to the SSO Settings page.
Enable the Enable SSO Login toggle.
From the Select SSO Type drop-down, select Azure.
Now you need to add an SSO configuration on the Azure portal.
To Set Up SSO on Azure
Login to the Microsoft Azure portal and click the Azure Active Directory widget to go to the Overview page
Click + Add and select Enterprise Application.
At the Browse Azure AD Gallery, search for SAML toolkit and click the icon when it’s displayed.
At the Azure AD SAML Toolkit dialog enter a Name for this application and press enter. This may take a few minutes to save.
Suggestion for name: nops-SSO
After the name is entered you will be taken to the Overview page to continue to set up this application.
Assign users and groups and set up the single sign on (SSO)
Begin assigning users by clicking the link in 1. Assign users and groups widget.
At the Add Assignment page click + Add user/group from the toolbar.
Click None Selected link and at the Users dialog enter search criteria to find and add users.
The system may identify users that you can select.
Click on the user/s to add them.
At the Add Assignment page, click the Assign button to add the users you selected. You will see a success dialog and return to the Users and groups page.
Once you have completed adding all users click the Overview tab in the left pane.
Set up the single sign on (SSO) widget
Click the Get Started link in the 2. Set up single sign on widget.
At the Single sign-on page select the SAML widget to open the SAML-based Sign-on page
You will configure URLs and attributes by copying the information from nOps and pasting it into theBasic SAML Configuration page in Azure.
From Basic SAML Configuration click Edit, then click Add identifier.
Replace the Identifier (Entity ID) field with the Entity ID url from the nOps SSO page
Replace the Reply URL (Assertion Consumer Service URL) with the Assertion Consumer Service URL from nOps
Replace the Sign on URL in Azure with the Shareable Link for IDP Login url from nOps.
Once you are done click the Save icon on the top left corner of the dialog.
Return to the Sign-on page to add attributes.
Click Edit on the Attributes and Claims widget to add attributes.
On Attributes & Claims dialog click + Add new claim to open the Manage claim dialog
You will add 3 new claims. You must enter mandatory information for Name, Source and Source Attribute as seen in the following table. Save each claim before you add the next one.
3. Click Save to complete the configuration for the Azure portal
Entering information from the Azure portal to nOps
To complete the set up, copy the following items from the Azure portal to the nOps SSO page.
From the SAML-based sign-on page navigate to section 3 the SAML Signing Certificate widget and click the Certificate (Base64) download link.
When it is downloaded, open the download with a text editor such as NotePad (DO NOT USE WORD) and copy the contents of the certificate to the nOps X.509 Certificate field.
From section 4 in the Azure SAML Sign-on page copy the Login URL into the SAML 2.0 Endpoint (HTTP) (singleSignOnService: URL) in nOps.
Use this information to enter info the Issuer URL (entityId) field in nOps.
Copy the Azure AD Identifier URL into the nOps Issuer URL (entityId).
In the nOps SSO dialog navigate to User Roles/Groups. For Default role select client-admin to apply this role as a default for all users logging in from the Azure portal.
Click Setup SSO Configuration to complete the setup.
You have now completed the SSO set up on both nOps and on the Microsoft Azure portal.
Test your Set-up
You can now test your setup.
From the Azure portal Saml-based Sign-on page click the Test button in section 5.
At the Test single sign-on dialog click the Sign in as current user and click Test sign in.
Navigate to the nOps webpage to see that you are being signed in through the Azure single sign on.
To create and add a Group configuration
Click the Single sign-on tab in the left pane.
Click + Add a group claim to add a group.
You will need to enter some advanced options for this claim.
At the Group Claims dialog select Source Attribute: Group ID
Then click the Advanced options link.
Click the Filter groups (preview) checkbox and enter information for the 3 fields:
Attribute to match: Display name
Match with: Contains
The string should match the name of the group you entered.
Check the Customize the name of the group claim box
Enter the Name for the attribute as: User.Groups
Save the Group Claim
Return to the Single sign-on tab. You should see user.groups added to the User Groups setting in Attributes and Claims section
Add the group to the Azure portal.
Click on the Home in the breadcrumb links at the top of the page.
From the Home page find and click Groups.
At the Groups | All groups page click New group.
For Group name, enter a name containing the String you entered earlier (nops). For example nops-group
Click Create to return to the Groups | All groups page. And refresh the page to see the group you added. You can also search for it.
Copy the Object ID for the group and enter it in the nOps SSO page under User Roles/Groups > Client Admin Groups field.
Ensure that the Set nOps role based on SAML Group toggle is enabled.
Then click Update SSO Configurations.
To test this group integration where a member of a group is automatically logged in as an Admin user.
Return to the Home page in Azure Portal.
From My Apps, select the Nops App you added and click on it.
You are directed to the nOps Web app login page and are automatically logged in since SSO was set up from the Azure portal.