Enable SSO on a VCD
OpenID Connect (OIDC)
Redirect URI: https://mycloud.xxx.zettagrid.com/login/oauth?service=tenant:<org_cloudXX>
org_cloudXXX must be in lowercase
Create a new App Registration and enter a name
Click on ‘Add a redirect URI’ and enter https://mycloud.xxx.zettagrid.com/login/oauth?service=tenant:<org_cloudXX>
Create a client secret under ‘Certificates and secrets’
Under ‘token configuration’ click ‘add groups claim’ and add a groups claim
Under ‘API Permissions’ click ‘Add a permission’ then click on ‘Microsoft Graph’, then ‘Delegated Permissions’ and select ‘email’, ‘profile’, and ‘openid’
vCloud:
Log into vCloud Director and navigate to ‘Administration’ from the top menu
Enter the client ID and secret into the OpenID settings. The IDP Well-known Configuration Endpoint will be:
https://login.microsoftonline.com/<TENANTID>/v2.0
Click Next; it should autofill the information
Ensure claims maps are as follows:
You may need to re-edit the config later to get all the claims mapped; sometimes it doesn't let you free-text edit the claim name
Turn on automatic key refresh, with the defaults.
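To confirm the app registration emits what the steps above configure, the following added example (not part of the original page, and not VMware or Microsoft code) inspects the payload of an ID token captured from a test login. It assumes Azure AD's standard v2.0 ID token claim names (iss, email, groups, and the _claim_names pointer that replaces the group list when a user is in more groups than fit in the token); the function names, tenant ID and tokens are constructed for illustration.

```python
import base64
import json

def decode_payload(id_token: str) -> dict:
    """Decode a JWT payload for inspection only; the signature is NOT verified."""
    payload = id_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def check_claims(claims: dict, tenant_id: str) -> list:
    """Return the problems that would break login or group mapping."""
    problems = []
    expected_iss = f"https://login.microsoftonline.com/{tenant_id}/v2.0"
    if claims.get("iss") != expected_iss:
        problems.append(f"iss {claims.get('iss')!r} != {expected_iss!r}")
    if not claims.get("email"):
        problems.append("no email claim (check the 'email' permission)")
    if "groups" in claims.get("_claim_names", {}):
        # Overage: Azure AD replaced the group list with a pointer to Graph.
        problems.append("groups overage: token carries no group list")
    elif not claims.get("groups"):
        problems.append("no groups claim (check 'add groups claim')")
    return problems

def make_token(claims: dict) -> str:
    """Build an unsigned, constructed sample token for the demo below."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'typ': 'JWT'})}.{enc(claims)}.constructed"

# Constructed sample data: placeholder tenant ID and group object ID.
TENANT = "00000000-0000-0000-0000-000000000000"
ISS = f"https://login.microsoftonline.com/{TENANT}/v2.0"
GOOD = make_token({"iss": ISS, "email": "user@example.com",
                   "groups": ["11111111-1111-1111-1111-111111111111"]})
OVERAGE = make_token({"iss": ISS, "email": "user@example.com",
                      "_claim_names": {"groups": "src1"}})
NO_GROUPS = make_token({"iss": ISS.replace("/v2.0", ""), "name": "User"})

if __name__ == "__main__":
    for label, tok in [("good", GOOD), ("overage", OVERAGE), ("bad", NO_GROUPS)]:
        print(label, check_claims(decode_payload(tok), TENANT))
```

This is a diagnostic for reading claims only; vCloud Director performs the actual signature validation using the keys it refreshes from the IDP.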
SAML
https://mycloud.per.zettagrid.com/login/org/org_cloudXXXXXXX/saml/SSO/alias/vcd
In Azure AD:
Enterprise Applications → New Application → Create your own application
In the app, select ‘Single Sign on’ from the left, then select SAML
Edit Basic SAML Configuration: