Azure Active Directory Single Sign-on (SSO) for Vonage Business Communications


AZURE ACTIVE DIRECTORY SINGLE SIGN-ON (SSO) FOR VBC

Introduction
What is Azure Active Directory?
Prerequisites
Configuring Azure Active Directory Single Sign-on
Add a non-gallery application
Configure user sign-in properties
Configure SAML-based single sign-on
Step 1. Set up Vonage Business Communications to use Azure AD
Step 2. Edit the Azure AD SAML Configuration
Step 3. Configure User attributes
Step 4. Add user assignments
Step 5. Finished

Introduction

This document describes how to configure Single Sign-on for Vonage Business Communications using Azure Active Directory as your identity provider (IDP).

What is Azure Active Directory?

Azure Active Directory (Azure AD) is Microsoft's cloud-based identity and access management service, which helps your employees sign in and access resources. Azure Active Directory enables single sign-on access to cloud applications (like Vonage Business Communications).

Once a user signs into Azure Active Directory, they can then launch any of their enabled web apps without re-entering their login credentials for each app. Azure Active Directory establishes a secure connection with the user’s browser. It then authenticates the user to log in to Azure Active Directory managed apps via SAML, a pre-integrated, federated authentication protocol.

For more information, see Single Sign-on SAML protocol.

Prerequisites

• A Microsoft Azure account is required to configure Single Sign-on using Azure AD.

• Usernames are required to match the NameID of the corresponding user account in Azure AD, which is typically the email address of the user. If your Vonage Business Communications usernames are not email addresses it is recommended that they are updated prior to setup to avoid errors.


Configuring Azure Active Directory Single Sign-on

Add a non-gallery application

1. Sign in to the Azure Active Directory portal using your Microsoft identity platform administrator account.

2. Select Enterprise Applications > New application.

3. Search for Vonage from the box labeled Search application.

4. From the search results, click on the Vonage application.

5. You can now rename the application if desired and then click the Create button. The Application Overview page will now open.


Configure SAML-based single sign-on

Step 1. Set up Vonage Business Communications to use Azure AD

The Set up <applicationName> section lists the values that need to be configured so that Vonage Business Cloud will use Azure AD as a SAML identity provider.

1. From the Application Overview page, click the Set up single sign on tile.

2. Select SAML. The Setup Single Sign-On with SAML page appears.

3. Scroll down to the SAML Signing Certificate section.

4. Click on the Download link next to the Certificate (Base64) option.

5. Save the certificate for when you set up Vonage to use Azure AD.

6. Scroll down to the Set up <applicationName> section.

7. Open the Vonage Business Communications Single Sign-on Settings page in a separate browser window.

8. Copy the values from Azure AD into your Vonage Business Communications Single Sign-on Settings.


Azure AD Setting    | VBC Setting
Login URL           | Sign-in page URL
Azure AD Identifier | Entity ID
Logout URL          | Sign-out page URL

9. Upload your X509 certificate into the Upload Certificate field.

10. When you've pasted all the values into the appropriate fields, select Save.

Step 2. Edit the Azure AD SAML Configuration

1. To edit the basic SAML configuration options, select the Edit icon (a pencil) in the upper-right corner of the Basic SAML Configuration section at the top of the page.

2. Copy the values from your Vonage Business Communications Service Provider Settings on the Vonage Business Communications Single Sign-on Settings page into your enterprise application.

Azure AD Setting                                | VBC Setting
Reply URL (Default)                             | Sign-in URL (Default)
Azure AD Identifier                             | Sign-in URL (Secondary)
Identifier (Entity ID) (replace existing value) | Entity ID
Logout URL                                      | Sign-out URL

3. Update the following settings:

Azure AD Setting | Value
Relay State      | 0

4. Click Save to save your changes.

5. Now that you have updated the credentials, your Azure certificate may have changed. Please follow the process above to re-download the certificate from Azure and upload it to your VBC account.


Step 3. Configure User attributes (optional)

This step is only required for advanced configurations. When a user authenticates to the application, Azure AD issues the application a SAML token with information (or claims) about the user that uniquely identifies them. By default, this information includes the user's username, email address, first name, and last name. You might need to customize these claims if, for example, the application requires specific claim values or a Name format other than username.

1. In the User Attributes and Claims section, select the Edit icon (a pencil) in the upper-right corner.

2. Verify the Name Identifier Value. The default value is user.principalname. The user identifier uniquely identifies each user within the application. For example, if the email address is both the username and the unique identifier, set the value to user.mail.

3. To modify the Name Identifier Value, select the Edit icon (a pencil) for the Name Identifier Value field. Make the appropriate changes to the identifier format and source, as needed.

4. Select Save. The new claim appears in the table.
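As an added example (not part of the Vonage guide), the following Python check reads a decoded SAML response and confirms that its Issuer, Audience, Destination and NameID agree with the values exchanged in Steps 1 to 3 and with the username prerequisite. The URLs, the tenant placeholder, the usernames and the `check_response` helper are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Placeholder values (assumptions): copy the real ones from the two settings pages.
AZURE_AD_IDENTIFIER = "https://sts.windows.net/TENANT-ID-PLACEHOLDER/"  # VBC "Entity ID" (Step 1)
VBC_ENTITY_ID = "https://sp.example.invalid/entity"    # Azure "Identifier (Entity ID)" (Step 2)
VBC_SIGN_IN_URL = "https://sp.example.invalid/sso/acs"  # Azure "Reply URL (Default)" (Step 2)

# Constructed sample response, not captured from a real tenant. The NameID is a
# UPN, as sent when the Name Identifier Value is left at its default.
SAMPLE_RESPONSE = f"""\
<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
    Destination="{VBC_SIGN_IN_URL}">
  <saml:Assertion>
    <saml:Issuer>{AZURE_AD_IDENTIFIER}</saml:Issuer>
    <saml:Subject><saml:NameID>alice@contoso.onmicrosoft.com</saml:NameID></saml:Subject>
    <saml:Conditions><saml:AudienceRestriction>
      <saml:Audience>{VBC_ENTITY_ID}</saml:Audience>
    </saml:AudienceRestriction></saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""

def check_response(xml_text, vbc_usernames, issuer=AZURE_AD_IDENTIFIER,
                   audience=VBC_ENTITY_ID, reply_url=VBC_SIGN_IN_URL):
    """List config mismatches in a decoded SAML response (signature is NOT verified)."""
    root = ET.fromstring(xml_text)

    def text(path):
        node = root.find(path, NS)
        return (node.text or "").strip() if node is not None else ""

    name_id = text("saml:Assertion/saml:Subject/saml:NameID")
    found = {
        "Issuer": (text("saml:Assertion/saml:Issuer"), issuer),
        "Audience": (text("saml:Assertion/saml:Conditions/"
                          "saml:AudienceRestriction/saml:Audience"), audience),
        "Destination": (root.get("Destination", ""), reply_url),
    }
    problems = [f"{k}: got {got!r}, expected {want!r}"
                for k, (got, want) in found.items() if got != want]
    # Exact comparison: the guide does not say whether VBC ignores case.
    if name_id not in {u.strip() for u in vbc_usernames}:
        problems.append(f"NameID: {name_id!r} matches no VBC username")
    return problems

if __name__ == "__main__":
    print("\n".join(check_response(SAMPLE_RESPONSE, ["alice@example.com"])))
```

An empty list means the four values line up with the configuration; it says nothing about whether the response is signed by the certificate uploaded in Step 1.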


Step 4. Add user assignments

If User assignment required was selected when creating your enterprise application, you will need to add users to your application so they can sign in.

1. In the left navigation menu, select Users and groups.

2. Select the Add user button.

3. On the Add Assignment pane, select Users and groups.

4. Select the user or group you want to assign to the application or start typing the name of the user or group in the search box. You can choose multiple users and groups, and your selections will appear under Selected items.

5. When finished, click Select.

6. On the Users and groups pane, select one or more users or groups from the list and then choose the Select button at the bottom of the pane.

TR_SSO_AZURE0321 | ©2021 VONAGE

Step 5. Finished

Now that you have configured Vonage Business Communications to use Azure AD, your end users are ready to use Single Sign-on.

You can start using Single Sign-on from any Vonage Business Communications login page. Get started by clicking Login with Single Sign-on on the login form.

For more information, contact [email protected]