Configuring SSO for LabCollector with Azure Active Directory - LabCollector


 

Single Sign-On (SSO) using Security Assertion Markup Language (SAML) authentication provides a secure way for users to access multiple applications with a single set of credentials. In this guide, we will walk through the step-by-step process of configuring SSO SAML authentication for LabCollector from Azure Active Directory (Azure AD).

Read our KB on how to configure LabCollector SSO page.

Note

Single Sign On Authentication: This allows your lab to use SAML (Security Assertion Markup Language) authentication for signing in. SAML provides a single point of authentication, which happens at a secure identity provider. SAML uses secure tokens which are digitally signed and encrypted messages with authentication and authorization data. These tokens are passed from an identity provider to LabCollector with an established trust relationship. As in the case of LDAP, passwords (except for that of the super administrator) are managed outside of LabCollector.

 

Tips

To integrate a custom Single Sign-On (SSO) provider, you must include their domain in the restriction asset list using the format *.domain.ext (as demonstrated in the screenshot below). Here are the detailed steps to add your SSO provider:

  1. Log in to your LabCollector instance with administrative privileges.
  2. Navigate to the Admin section.
  3. Select “Setup” from the menu.
  4. Click on “General Settings.”
  5. Locate “Restriction” settings.
  6. Add the SSO provider’s domain under “Asset domains” in the format *.domain.ext followed by login.microsoftonline.com

 

Step 1: Access Azure Active Directory

1. Navigate to the Azure portal (https://portal.azure.com) and log in to your Azure account.
2. Go to the ‘Azure Active Directory’ section.

 

Step 2: Add a New Application

1. Click on ‘Enterprise applications’.
2. Choose ‘Create your own application’.

 

Step 3: Configure SAML Authentication

1. Select ‘Integrate another application you don’t find in the gallery (Azure Marketplace)’.
2. Click on ‘Unique Authentication’ and choose the ‘SAML’ method.

 

Step 4: Complete Azure Fields

You have two options for filling out the fields:

1. Option 1: Load Metadata File
   – Download the ‘metadata XML file’ from the LabCollector SSO page.
   – Upload the downloaded metadata XML file using the ‘Load metadata file’ button provided by Azure.

2. Option 2: Manual Configuration
   – Fill in the following Azure fields manually:
     – Entity ID: Copy the metadata URL (e.g., `https://YOURINSTANCE/login.php?metadata`) from the LabCollector SSO Setup page.
     – URL Assertion Consumer Service: Use the ACS URL provided by LabCollector (e.g., `https://YOURINSTANCE/login.php?acs`).
     – Connection URL: Enter the LabCollector login page URL (e.g., `https://YOURINSTANCE/login.php`).
     – Disconnection Page URL: Provide the logout URL from LabCollector (e.g., `https://YOURINSTANCE/login.php.slo`).
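When the fields are typed by hand (Option 2), they can be cross-checked against the metadata XML file from Option 1 before saving. The script below is an added example, not LabCollector or Microsoft code: the function names `sp_fields` and `check_fields`, the sample metadata (constructed from this page's placeholder URLs, with assumed bindings) and the same-host check are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
# Constructed sample of a service-provider metadata file. YOURINSTANCE is the
# page's placeholder host; the bindings are assumed for illustration.
SAMPLE_SP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://YOURINSTANCE/login.php?metadata">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://YOURINSTANCE/login.php.slo"/>
    <md:AssertionConsumerService index="1" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://YOURINSTANCE/login.php?acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

def sp_fields(metadata_xml):
    """Return the Step 4 values found in service-provider metadata, keyed by Azure field name."""
    if "<!DOCTYPE" in metadata_xml:  # metadata never needs a DTD; refuse entity tricks outright
        raise ValueError("DOCTYPE not allowed in SAML metadata")
    root = ET.fromstring(metadata_xml)
    sp = root.find(MD + "SPSSODescriptor")
    if root.tag != MD + "EntityDescriptor" or sp is None:
        raise ValueError("not a SAML service-provider metadata document")
    acs = sp.find(MD + "AssertionConsumerService")
    slo = sp.find(MD + "SingleLogoutService")
    return {
        "Entity ID": root.get("entityID"),
        "URL Assertion Consumer Service": acs.get("Location") if acs is not None else None,
        "Disconnection Page URL": slo.get("Location") if slo is not None else None,
    }

def check_fields(fields, typed=None):
    """List problems: missing values, non-HTTPS URLs, foreign hosts, mismatch with typed values."""
    problems = []
    host = urlsplit(fields.get("Entity ID") or "").hostname
    for name, value in fields.items():
        url = urlsplit(value or "")
        if not value:
            problems.append(f"{name}: missing from metadata")
        elif url.scheme != "https":
            problems.append(f"{name}: not HTTPS ({value})")
        elif url.hostname != host:  # assumption: all endpoints live on the instance host
            problems.append(f"{name}: host differs from Entity ID ({value})")
        if typed and name in typed and typed[name] != value:
            problems.append(f"{name}: Azure has {typed[name]!r}, metadata has {value!r}")
    return problems
```

Pass the values entered in Azure as the `typed` dictionary; an empty list from `check_fields` means the metadata and the typed values agree.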

 

Step 5: Exchange Information

– Copy and paste the following information from Azure to the LabCollector SSO page:
  – Azure AD Identifier (Entity ID) to LabCollector EntityID.
  – Single Sign-On Service URL to LabCollector Single Sign-On Service.
  – Single Logout Service URL to LabCollector Single Logout Service.

 

To properly map the fields between Azure and LabCollector, refer to the following comparison:

| Azure Field | LabCollector Field | Description |
| --- | --- | --- |
| Azure AD Identifier (Entity ID) | LabCollector Entity ID | Unique identifier for the SAML connection. |
| Single Sign-On Service URL | LabCollector Single Sign-On URL | URL used for SSO authentication. |
| Single Logout Service URL | LabCollector Single Logout URL | URL used for logging out of the SSO session. |
| Certificate (Base 64) | Public Key | Public key certificate for securing the SAML assertions. |

 

See the screenshots below for a comparison of the fields:

 

Adding Users to SSO in Azure

To add users to the SSO configuration in Azure, follow these steps:

    • Select the application you created for LabCollector SSO.
    • Go to the ‘Users and groups’ section.
    • Click on ‘Add user/group’.
    • Select the users or groups you want to assign to this application.
    • Click ‘Assign’ to grant them access.

 

Tips

Make your setup smoother by using Azure AD import with SSO authentication. Automatically import Azure AD users to simplify user management and ensure easy logins.

Read our KB on how to configure LabCollector SSO page.

 

Step 6: Download Base 64 Certificate

– Save the configuration in Azure. Download the ‘Base 64 certificate’ from the ‘Certificate SAML’ section on the Azure screen.
– Copy the content of the certificate (.cer) and paste it into the ‘Public key’ input field on the LabCollector SSO Setup page.

 

Step 7: Test the Configuration

– Save the settings on the LabCollector SSO Setup page.
– Ensure that a user with a valid email address exists in LabCollector.
– Test logging into LabCollector using an Azure AD account email address.

Additional Considerations

– Ensure that a user account with an email address as the username exists in LabCollector to be processed by the SSO.
– If authentication errors such as ‘PasswordProtectedTransport’ occur during login because of Azure AD group policies, adjust the LabCollector SSO setup parameters, such as ‘Request Authentication Context’.
