How to use Azure AD with Cloud SSO

There are two main ways to log into Cloud: using a login/password created in Cloud itself or using SSO. Logging in with SSO is supported for identity providers that offer SAML (Security Assertion Markup Language) or OIDC (OpenID Connect). Azure Active Directory is such an identity provider or IdP.

This article explains how to do the necessary SSO setup in Azure AD to then complete an SSO configuration in Cloud. Note that for these Azure AD instructions we're using SAML as an SSO connection type.

Specifically, this article covers where in Azure AD to gather the SSO connection details that you need to submit in the Add SSO Connection popup in Cloud, and where in Azure AD to input the details that Cloud provides. It does not explain the entire Cloud SSO setup process, so make sure to read the general Cloud SSO instructions first.

1. Create app in Azure AD

Log into the Azure portal and browse to the Azure Active Directory resource. Select the Enterprise applications menu, hit the New application button and then Create your own application.

In the resulting popup, enter a descriptive name for your application and select Integrate any other application you don't find in the gallery (Non-Gallery). Afterward, hit the Create button at the bottom of the screen.

2. Enable SAML for Azure AD app

In the Single sign-on menu of your newly created app, select SAML.

3. Copy Entity ID and ACS URL from Cloud to Azure AD

Copy the Entity ID from the Add SSO Connection popup in Lansweeper and paste it in your SAML settings in Azure AD. Hit the pencil-shaped edit button under Basic SAML Configuration in Azure AD and enter the Entity ID into the Identifier (Entity ID) field. Make the new ID the default.

Copy the Assertion Consumer Service (ACS) URL from the Add SSO Connection popup in Lansweeper and paste it into the same edit popup in Azure AD. The field you need to paste the value into in Azure AD is called Reply URL (Assertion Consumer Service URL).

Copy the SingleLogout Service (SLO) URL from the Add SSO Connection popup in Lansweeper and paste it into the same edit popup in Azure AD. The field you need to paste the value into in Azure AD is called Logout Url.

Don't forget to hit the Save button when done.

4. Upload Azure AD certificate to Cloud

In the SAML Signing Certificate section of your app's SSO config in Azure AD, download the Base64 (not the raw) certificate. Upload it in the Add SSO Connection popup in Lansweeper.

5. Copy IdP SSO URL from Azure AD to Cloud

In the Set up <Your App Name> section of your app's SSO config in Azure AD, copy the Login URL. Paste it into the Add SSO Connection popup in Lansweeper. The field you need to paste the value into in Lansweeper is called Sign in URL. Optionally, you can also copy the logout URL from Azure AD to Lansweeper.

6. Configure attribute statements in Azure AD

In the Attributes & Claims section of your app's SSO config, hit the Edit button. Choose Add new claim, configure the new claim as mentioned below and hit Save. For the source attribute, you can manually type the word "true" in the available input box and then select it. Your submission will automatically be surrounded by quotes.

  • Name: email_verified
  • Source: Attribute
  • Source attribute: true

Do not skip this step. Adding this attribute is important as it is required by Cloud's underlying SSO login process.

7. Add users or groups to Azure AD app

In the Users and groups menu of your Azure AD app, hit the Add user/group button. On the resulting page, you can select the users and/or groups that will be able to log into Cloud using SSO. As an Azure AD admin, you will be able to monitor your users' SSO logins in Azure AD.
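
A pre-flight check for the setup above, as an added example that is not part of the original article or of any Lansweeper or Microsoft tooling: Python that inspects a decoded SAML response captured from your own test login and confirms the values from steps 3 and 6, plus a check that the certificate file from step 4 is the Base64 download rather than the raw one. The Entity ID, ACS URL, sample response and dummy certificate bytes are constructed placeholders, the Base64 download is assumed to be PEM text with BEGIN/END CERTIFICATE lines, and the script does not verify the SAML signature.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def check_saml_response(xml_text, entity_id, acs_url):
    """Return a list of setup problems in a decoded SAML response (empty = OK)."""
    root = ET.fromstring(xml_text)  # only feed this responses from your own test login
    problems = []
    if root.get("Destination") != acs_url:
        problems.append("Destination does not match the ACS URL (step 3)")
    if entity_id not in [a.text for a in root.iterfind(".//saml:Audience", NS)]:
        problems.append("Audience does not match the Entity ID (step 3)")
    attrs = {a.get("Name"): [v.text for v in a.iterfind("saml:AttributeValue", NS)]
             for a in root.iterfind(".//saml:Attribute", NS)}
    if attrs.get("email_verified") != ["true"]:
        problems.append("email_verified claim missing or not 'true' (step 6)")
    return problems

def is_base64_certificate(data):
    """True for a PEM (Base64) certificate file, False for raw DER or anything else."""
    try:
        lines = data.decode("ascii").strip().splitlines()
        if lines[0] != "-----BEGIN CERTIFICATE-----" or lines[-1] != "-----END CERTIFICATE-----":
            return False
        der = base64.b64decode("".join(lines[1:-1]), validate=True)
    except (UnicodeDecodeError, ValueError, IndexError):
        return False
    return der[:1] == b"\x30"  # a DER certificate starts with an ASN.1 SEQUENCE tag

# Constructed sample data: placeholder Entity ID / ACS URL and a dummy "certificate".
ENTITY_ID = "urn:example:cloud-sso"
ACS_URL = "https://sso.example.invalid/saml/acs"
SAMPLE_RESPONSE = f"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Destination="{ACS_URL}">
  <saml:Assertion>
    <saml:Conditions><saml:AudienceRestriction>
      <saml:Audience>{ENTITY_ID}</saml:Audience>
    </saml:AudienceRestriction></saml:Conditions>
    <saml:AttributeStatement><saml:Attribute Name="email_verified">
      <saml:AttributeValue>true</saml:AttributeValue>
    </saml:Attribute></saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""
RAW_DER = b"\x30\x82\x00\x04" + bytes(4)  # dummy bytes, not a real certificate
PEM = b"-----BEGIN CERTIFICATE-----\n" + base64.b64encode(RAW_DER) + b"\n-----END CERTIFICATE-----\n"

if __name__ == "__main__":
    print(check_saml_response(SAMPLE_RESPONSE, ENTITY_ID, ACS_URL), is_base64_certificate(PEM))
```

An empty list from check_saml_response means the Destination, Audience and email_verified claim all match what steps 3 and 6 configure; each entry otherwise names the step to revisit.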
