Enable SSO on a VCD
OpenID Connect (OIDC)
Redirect URI: https://mycloud.xxx.zettagrid.com/login/oauth?service=tenant:<org_cloudXX>
org_cloudXXX must be in lowercase
Create a new App Registration, enter a name
Click on ‘Add a redirect URI’ and enter https://mycloud.xxx.zettagrid.com/login/oauth?service=tenant:<org_cloudXX>
Create a client secret under ‘Certificates and secrets’
Under ‘token configuration’ click ‘add groups claim’ and add a groups claim
Under ‘API Permissions’ click ‘Add a permission’ then click on ‘Microsoft Graph’, then ‘Delegated Permissions’ and select ‘email’, ‘profile’, and ‘openid’
vCloud:
Log into vCloud director and navigate to ‘Administration’ from the top menu
Enter client ID and secret into OpenID settings, the IDP Well-known Configuration Endpoint will be:
https://login.microsoftonline.com/<TENANTID>/v2.0
Click next, it should autofill the information
Ensure claims maps are as follows:
You may need to re-edit the config later to get all the claims mapped, sometimes it doesnt let you free-text edit the claim name
Turn on automatic key refresh, with the defaults.
SAML
https://mycloud.per.zettagrid.com/login/org/org_cloudXXXXXXX/saml/SSO/alias/vcd
In Azure AD:
Enterprise Applications → New Application → Create your own application
In the app select ‘Single Sign on’ from the left, select SAML
Edit Basic SAML Configuration: