SSO for AdminConsole using Azure Active Directory
NirvaShare's AdminConsole ships with a built-in user store that supports multiple admin users. AdminConsole can also be configured to authenticate against an external identity provider such as AWS SSO or Active Directory. This document configures AdminConsole to use Azure Active Directory, so that directory users can log in to AdminConsole with SAML 2.0 SSO.
As prerequisites you will need:
- NirvaShare installed, either in the cloud or on premises. It can also be installed directly from the Azure Marketplace.
- The Storage and User Application URL configured (covered in a separate document).
- A proper domain name and a valid SSL/TLS certificate configured for AdminConsole. The SAML metadata and endpoints used below are served from this domain, and Azure AD will only post assertions to an HTTPS URL.
- Administrator access to your Azure Active Directory tenant.
- Log in to the NirvaShare AdminConsole and click the Users & Roles tab.
- Create a new delegated admin user and select the Super Admin role. The username must be unique, and a user with the same username must also exist in Active Directory (it can be created there later). This username match is what maps the SSO identity to the admin account, so it should be spelled exactly the same on both sides.
- SSH to the Linux host where NirvaShare is installed and, as the root user, create a file at the path below.
- Add the following entries to the file:
ns_external_idp=true
ns_auto_create_user=true
ns_saml2_sp_company_name=<your company name>
ns_saml2_sp_email=<your contact email address>
ns_saml2_sp_domain_url=<AdminConsole domain name>
ns_saml2_idp_metadata_content=
- Replace the placeholders with your own values. Leave ns_saml2_idp_metadata_content empty for now; it is filled in later with the metadata downloaded from Azure AD.
- Open the AdminConsole URL https://<your adminconsole>/saml/0/metadata in a browser.
- This displays the SAML service-provider (SP) metadata XML. Save it to your local file system as admin-console-metadata.xml; it is uploaded to Azure AD in a later step. Before moving on, confirm that the URLs inside it use your AdminConsole HTTPS domain, since these are the endpoints Azure AD will send users and assertions to.
- In Azure Active Directory, open Enterprise applications and click New application on the top menu.
- Click Create your own application.
- Enter the name nirvashare-adminConsole and click Create.
- With the newly created application selected, click Single sign-on in the left menu.
- SAML must be enabled, so select the SAML tile on the right-hand side.
At this point you need the SP metadata file saved from AdminConsole in the earlier step.
- Click Upload metadata file and select admin-console-metadata.xml from your local system.
- Save.
- In the SAML Signing Certificate section, download the Federation Metadata XML and save it to your local file system as azure-adminconsole-metadata.xml.
- This file is required when configuring the NirvaShare AdminConsole.
- Click Users and groups in the left menu and assign users to this application. Only assigned users will be able to sign in to AdminConsole through Azure AD.
- Make sure the usernames of the assigned users exist in the NirvaShare AdminConsole as delegated admins.
- You can also assign a group containing multiple users; this guide assigns individual users.
- Next, open azure-adminconsole-metadata.xml in a text editor, disable word wrap and remove all newlines so that the entire content is a single line. The configuration file holds one key=value entry per line, so the value cannot span lines. This single-line metadata content is used in the AdminConsole configuration in the next steps.
- SSH to the Linux host where NirvaShare is installed and edit the file below.
- Paste the single-line metadata content from the previous step as the value of ns_saml2_idp_metadata_content.
- Save config.properties.
- Restart the AdminConsole service with the command below:
docker restart nirvashare_admin
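The metadata steps above (save the Federation Metadata XML, collapse it to a single line, set it as ns_saml2_idp_metadata_content in config.properties) are easy to get wrong by hand, and a broken value only shows up after the restart. The script below is an added example for this guide, not NirvaShare code. It assumes config.properties is a plain key=value file with one entry per line, as the entries shown earlier are; the metadata, tenant ID, certificate and config values embedded in it are constructed placeholders. Before writing anything it checks that the file is identity-provider metadata (not the AdminConsole SP metadata uploaded to Azure earlier), that it carries a signing certificate, and that the SSO endpoint is HTTPS, then re-parses the collapsed line so a bad collapse is caught before the restart.

```python
"""Prepare Azure AD federation metadata for NirvaShare's ns_saml2_idp_metadata_content.

Added example for this guide, not NirvaShare code. It collapses the downloaded metadata to
one line, validates it, and sets it in config.properties. Sample data below is constructed.
"""
import re
import sys
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
DS = "{http://www.w3.org/2000/09/xmldsig#}"
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed stand-in for the Federation Metadata XML downloaded from Azure AD
# (placeholder tenant ID and certificate; attributes deliberately split across lines).
SAMPLE_IDP_METADATA = """<?xml version="1.0" encoding="utf-8"?>
<EntityDescriptor ID="_1" entityID="https://sts.windows.net/00000000-0000-0000-0000-000000000000/"
    xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data>
          <X509Certificate>MIIC8DCCAdigAwIBAgIQ
PLACEHOLDERBASE64</X509Certificate>
        </X509Data>
      </KeyInfo>
    </KeyDescriptor>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>
"""

# Constructed config.properties with the entries from this guide (example values).
SAMPLE_CONFIG = """ns_external_idp=true
ns_auto_create_user=true
ns_saml2_sp_company_name=Example Corp
ns_saml2_sp_email=admin@example.com
ns_saml2_sp_domain_url=adminconsole.example.com
ns_saml2_idp_metadata_content=
"""


def validate_idp_metadata(xml_text: str) -> dict:
    """Return issuer, signing-cert count and SSO URL; raise ValueError if unusable."""
    root = ET.fromstring(xml_text)
    if root.tag != MD + "EntityDescriptor":
        raise ValueError(f"not SAML metadata: root element is {root.tag}")
    idp = root.find(MD + "IDPSSODescriptor")
    if idp is None:  # the AdminConsole SP metadata has SPSSODescriptor instead
        raise ValueError("no IDPSSODescriptor: this is not identity-provider metadata")
    certs = []
    for kd in idp.findall(MD + "KeyDescriptor"):
        if kd.get("use", "signing") != "signing":  # a missing 'use' means signing and encryption
            continue
        certs += [re.sub(r"\s+", "", c.text) for c in kd.iter(DS + "X509Certificate") if c.text]
    if not certs:
        raise ValueError("no signing certificate: assertions could not be verified")
    sso = {s.get("Binding"): s.get("Location") for s in idp.findall(MD + "SingleSignOnService")}
    location = sso.get(REDIRECT) or sso.get(POST)
    if not location or not location.startswith("https://"):
        raise ValueError("no HTTPS SingleSignOnService endpoint")
    return {"entity_id": root.get("entityID"), "signing_certs": len(certs), "sso_url": location}


def to_single_line(xml_text: str) -> str:
    """Remove newlines and surrounding indentation (a key=value line ends at the newline).
    Inside a start tag one space is kept so attributes split across lines stay separated."""
    text = xml_text.replace("\r\n", "\n")

    def join(m: "re.Match") -> str:
        before = text[: m.start()]
        return " " if before.rfind("<") > before.rfind(">") else ""

    return re.sub(r"\s*\n\s*", join, text).strip()


def set_property(properties_text: str, key: str, value: str) -> str:
    """Set key=value, replacing an existing line (duplicates are dropped) or appending one."""
    if "\n" in value or "\\" in value:  # no escaping is done here; SAML metadata needs none
        raise ValueError("property value must be a single line without backslashes")
    out, done = [], False
    for line in properties_text.splitlines():
        if re.match(rf"\s*{re.escape(key)}\s*=", line):
            if not done:
                out.append(f"{key}={value}")
                done = True
        else:
            out.append(line)
    if not done:
        out.append(f"{key}={value}")
    return "\n".join(out) + "\n"


def prepare(config_text: str, idp_xml: str) -> tuple:
    """Collapse the IdP metadata, validate the collapsed form, and set it in the config."""
    one_line = to_single_line(idp_xml)
    info = validate_idp_metadata(one_line)  # parse exactly what will end up in the file
    return set_property(config_text, "ns_saml2_idp_metadata_content", one_line), info


if __name__ == "__main__":
    if len(sys.argv) == 3:  # usage: script.py config.properties azure-adminconsole-metadata.xml
        with open(sys.argv[1]) as cfg, open(sys.argv[2]) as xml_file:
            new_config, info = prepare(cfg.read(), xml_file.read())
        with open(sys.argv[1], "w") as cfg:
            cfg.write(new_config)
    else:
        new_config, info = prepare(SAMPLE_CONFIG, SAMPLE_IDP_METADATA)
        print(new_config)
    print(f"IdP {info['entity_id']} | signing certs: {info['signing_certs']} | SSO: {info['sso_url']}")
```

Run it on the NirvaShare host as root with the paths of config.properties and the downloaded azure-adminconsole-metadata.xml; it rewrites config.properties in place, after which the docker restart above applies the change. Without arguments it runs on the embedded sample and prints the resulting file. It does not verify the XML signature Azure AD places on the metadata, so still download the file from the Azure portal over HTTPS as described rather than accepting it from another channel.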
Now open https://<your adminConsole domain>; AdminConsole redirects to Azure Active Directory and performs SSO authentication. Sign in as one of the users assigned to the application whose username exists as a delegated admin. Reach out to our support in case of any help or assistance needed.