Step 1 – Set up AzureAD
Launch the AzureAD Admin Portal and select the Azure Active Directory menu option
From the sub menu select App registrations
Then select New registration from the toolbar
Give your application a name (my2cloud)
Set the Supported account types to Accounts in this organizational directory only (AssureStor Limited only - Single tenant)
Set the Redirect URI to https://tenant.my2cloud.net/account/login
Note. Replace tenant with your portal's prefix.
Click Register to create your application
Copy and save the Application (client) ID
Select Endpoints from the toolbar
Copy and save the following:
- OAuth 2.0 authorization endpoint (v2)
- OpenID Connect metadata document
Note. Remove /.well-known/openid-configuration from the end of the OpenID Connect metadata document URL.
You will also need to ensure the App registration is configured to use ID tokens.
Select Authentication from the side menu and scroll down to the Implicit grant and hybrid flows section
Ensure ID tokens (used for implicit and hybrid flows) is checked
Save any changes.
Step 2 – Enable OpenID Connect in my2cloud
Launch your my2cloud portal and log in with full administrative rights. Once logged in, select Settings from the Administration sub menu.
From the available tabs, select External Login Settings
Complete the OpenID Connect fields using the information you saved from step 1
- Client Id = Application (client) ID
- Authority = OpenID Connect metadata document
- Login URL = OAuth 2.0 authorization endpoint (v2)
- Validate Issuer = checked
Click the Save All button
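A pre-flight check for the three values entered in Step 2, as an added example that is not part of the original guide or of my2cloud: it derives the Authority from the metadata document URL (per the Step 1 note) and checks that the Authority and Login URL name the same single tenant, which Validate Issuer depends on. The URL layout (login.microsoftonline.com, <tenant>/v2.0, <tenant>/oauth2/v2.0/authorize) is assumed from the Microsoft identity platform v2 endpoints; the function names and sample GUIDs are constructed.

```python
import re
from urllib.parse import urlsplit

SUFFIX = "/.well-known/openid-configuration"
GUID = re.compile(r"[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")
MULTI_TENANT = {"common", "organizations", "consumers"}  # aliases, not tenant ids


def authority_from_metadata(metadata_url):
    """Step 1 note: drop the discovery suffix to get the Authority value."""
    url = metadata_url.strip().rstrip("/")
    return url[: -len(SUFFIX)] if url.endswith(SUFFIX) else url


def check_settings(client_id, metadata_url, login_url):
    """Return a list of problems with the three Step 2 values (empty = OK)."""
    problems = []
    authority = authority_from_metadata(metadata_url)
    auth, login = urlsplit(authority), urlsplit(login_url.strip())
    if not GUID.fullmatch(client_id.strip()):
        problems.append("Client Id is not a GUID")
    for name, u in (("Authority", auth), ("Login URL", login)):
        if u.scheme != "https":
            problems.append(f"{name} is not https")
    auth_parts = auth.path.strip("/").split("/")
    login_parts = login.path.strip("/").split("/")
    if len(auth_parts) != 2 or auth_parts[1] != "v2.0":
        problems.append("Authority is not <tenant>/v2.0")
    if login_parts[1:] != ["oauth2", "v2.0", "authorize"]:
        problems.append("Login URL is not the v2 authorization endpoint")
    if auth.netloc != login.netloc or auth_parts[0] != login_parts[0]:
        problems.append("Authority and Login URL name different tenants")
    if auth_parts[0].lower() in MULTI_TENANT:
        problems.append("multi-tenant alias in Authority; Validate Issuer needs the tenant id")
    return problems


# Constructed sample values (placeholder GUIDs, not from a real tenant).
TENANT = "11111111-2222-3333-4444-555555555555"
CLIENT = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
BASE = "https://login.microsoftonline.com/"
METADATA = BASE + TENANT + "/v2.0" + SUFFIX
LOGIN = BASE + TENANT + "/oauth2/v2.0/authorize"

if __name__ == "__main__":
    print("Authority:", authority_from_metadata(METADATA))
    for p in check_settings(CLIENT, METADATA, LOGIN) or ["all checks passed"]:
        print(p)
```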
Step 3 – Verify OpenID Connect authentication
For OpenID verification to operate correctly you will need to check the following.
Ensure the default role is set up correctly and does not provide access to any sensitive areas such as administration, billing, etc.
When a new AzureAD user signs in for the first time they will automatically be set to use the default role.
Select Settings from the Administration sub menu.
Select the User Management tab
Ensure that the following are checked
- Allow users to register to the system.
- New registered users only via External Login.
- New registered users are active by default.
You are now set up for SSO using AzureAD.
When a user now authenticates using the OpenID Connect button on the login page, they will be directed to your AzureAD login screen to authenticate (including enforcement of any MFA policies) and returned to the my2cloud portal.
To successfully self-register using OpenID Connect, the user MUST NOT already exist in the portal. If the user has already been created using the standard user creation workflow, please delete the user account first before attempting to register with OpenID Connect.