The following article assists Identity Provider (IDP) Administrators with configuring single sign-on (SSO) for OneView with Azure AD. OneView only supports the SAML 2.0 authentication protocol. For more information, see Configure single sign-on with OneView.
Configure the application SSO settings
- In Azure AD's Set up Single Sign-On with SAML screen, go to Basic SAML Configuration > click the Pencil icon.
- Copy the Service Provider Entity ID from OneView and add it as the Identifier (Entity ID).
- In Azure AD, add the following URLs as Reply URL (Assertion Consumer Service URL):
  - The Assertion Consumer Service URL from OneView. Check this as the default.
  - https://ipi-intg-partner-portal-prod.auth.us-east-1.amazoncognito.com/saml2/idpresponse
- Click the Save button.
Configure attributes
- In Azure AD's Set up Single Sign-On with SAML screen, go to User Attributes & Claims > click the Pencil icon.
- Click Add new claim.
- Change the value of the Unique User Identifier (Name ID) to user.mail.
- Add additional claims as lowercase, exactly as shown below.

| Claim name / Namespace | Value / Source attribute |
| --- | --- |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress | user.mail |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/familyname | user.surname |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname | user.givenname |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | user.userprincipalname |

- Click Save.
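Because the claim names must match exactly, a test sign-in can be checked before rollout. The following is an added example, not part of the original article or of OneView's tooling: it inspects a decoded SAML 2.0 assertion for the four claims above and for a NameID that matches the emailaddress claim (both are sourced from user.mail). The sample assertion is constructed, and the function name `check_assertion` is an assumption of this example.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
REQUIRED = [CLAIMS + n for n in ("emailaddress", "familyname", "givenname", "name")]

def check_assertion(xml_text):
    """Return a list of problems in a decoded SAML assertion (hypothetical helper).

    Checks claim names and values only; it does not verify the XML signature.
    """
    root = ET.fromstring(xml_text)
    problems = []
    name_id = root.find(".//saml:Subject/saml:NameID", SAML_NS)
    name_id_text = (name_id.text or "").strip() if name_id is not None else ""
    if not name_id_text:
        problems.append("missing NameID")
    sent = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", SAML_NS):
        value = attr.find("saml:AttributeValue", SAML_NS)
        sent[attr.get("Name", "")] = (value.text or "").strip() if value is not None else ""
    by_lower = {name.lower(): name for name in sent}
    for claim in REQUIRED:
        if claim in sent:
            if not sent[claim]:
                problems.append(f"empty value: {claim}")
        elif claim in by_lower:
            # Present, but not lowercase exactly as the table requires.
            problems.append(f"wrong case: {by_lower[claim]}")
        else:
            problems.append(f"missing claim: {claim}")
    email = sent.get(CLAIMS + "emailaddress", "")
    if name_id_text and email and name_id_text != email:
        problems.append("NameID does not match emailaddress claim")
    return problems

# Constructed sample: familyname has the wrong case and the name claim is absent.
SAMPLE = """<Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion">
  <Subject><NameID>alex@example.com</NameID></Subject>
  <AttributeStatement>
    <Attribute Name="{c}emailaddress"><AttributeValue>alex@example.com</AttributeValue></Attribute>
    <Attribute Name="{c}FamilyName"><AttributeValue>Doe</AttributeValue></Attribute>
    <Attribute Name="{c}givenname"><AttributeValue>Alex</AttributeValue></Attribute>
  </AttributeStatement>
</Assertion>""".replace("{c}", CLAIMS)

if __name__ == "__main__":
    for problem in check_assertion(SAMPLE):
        print(problem)
```
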
Link Azure AD metadata with OneView
Use one of the following methods to connect the metadata with OneView:
Metadata URL
- Copy the Azure AD App Federation Metadata Url.
- In the OneView Single Sign-On page, paste the Metadata URL under Identity Provider (IDP) Metadata.
- Set Enable Single Sign-On (SSO) to ON.
- In the top right, click Save.
Metadata XML
- Download the Azure AD Federation Metadata XML file.
- In the OneView Single Sign-On page, choose Metadata XML.
- Drag the .xml file or click Or Select A File to upload the IDP Metadata.
- Set Enable Single Sign-On (SSO) to ON.
- In the top right, click Save.